[{"id":3684028,"web_url":"http://patchwork.ozlabs.org/comment/3684028/","msgid":"<950150qr-9p6p-q772-9796-p5o9o06r32q0@vanv.qr>","list_archive_url":null,"date":"2026-04-29T12:33:02","subject":"Re: [PATCH nf-next] netfilter: x_tables: disable 32bit compat\n interface in user namespaces","submitter":{"id":89448,"url":"http://patchwork.ozlabs.org/api/people/89448/","name":"Jan Engelhardt","email":"ej@inai.de"},"content":"On Wednesday 2026-04-29 11:59, Florian Westphal wrote:\n\n>This feature is required to use 32bit arp/ip/ip6/ebtables binaries on\n>64bit kernels.  I don't think there are many users left.\n\nThis breaks the setup in a Debian x32 systemd-nspawn container with \nxtables-legacy-multi.","headers":{"Return-Path":"\n <netfilter-devel+bounces-12285-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12285-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=144.76.212.145","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=inai.de","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=inai.de"],"Received":["from tor.lore.kernel.org (tor.lore.kernel.org [172.105.105.114])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5H4X5nv4z1yHX\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 22:42:04 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id CB18B3014C5F\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 12:42:02 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 289153F6610;\n\tWed, 29 Apr 2026 12:42:01 +0000 (UTC)","from a3.inai.de (a3.inai.de [144.76.212.145])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 89D283F23AA\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 29 Apr 2026 12:41:58 +0000 (UTC)","by a3.inai.de (Postfix, from userid 25121)\n\tid 879C11003C5108; Wed, 29 Apr 2026 14:33:02 +0200 (CEST)","from localhost (localhost [127.0.0.1])\n\tby a3.inai.de (Postfix) with ESMTP id 8726A1100AFC08;\n\tWed, 29 Apr 2026 14:33:02 +0200 (CEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777466520; cv=none;\n b=LUQUhN5wcN7G8AcSNRR4JN8o9NPifdPBeiJ5pGihY1gEhZyzH/SIecXePVAWTOE3sfgTR/gAH3ghL0UcKEKD/miHN5rCQQYZOCMPxXZuVrkEftWAkqmOzuDMQ0Lo2wl8VFszPpGm0GmTrn16xDQdOti4r6Z3xql8LMLu+0RSlC8=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777466520; c=relaxed/simple;\n\tbh=JQJFRLFeX3aIm4bSI7SbBlzTzXsY8sbWqb2cMuwhMAM=;\n\th=Date:From:To:cc:Subject:In-Reply-To:Message-ID:References:\n\t MIME-Version:Content-Type;\n b=hp8MYV/nFdj8r0FnLtpK6uUlfjXfypnXOjOBwAnju2q1iGUh6S3T3W7/ZS/OE8mV3XIs+9EzyRg9B19VYLn981bsG1vtkwqMPg4x/r5B1fZxX2N/P4+zk4MyEPl/VwBxsI7jOLVhtWEEMMABrKE9HGEg3tcyU1eV11KqHqOi33s=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=inai.de;\n spf=pass smtp.mailfrom=inai.de; arc=none smtp.client-ip=144.76.212.145","Date":"Wed, 29 Apr 2026 14:33:02 +0200 (CEST)","From":"Jan Engelhardt <ej@inai.de>","To":"Florian Westphal <fw@strlen.de>","cc":"netfilter-devel@vger.kernel.org","Subject":"Re: [PATCH nf-next] netfilter: x_tables: disable 32bit compat\n interface in user namespaces","In-Reply-To":"<20260429095949.20910-1-fw@strlen.de>","Message-ID":"<950150qr-9p6p-q772-9796-p5o9o06r32q0@vanv.qr>","References":"<20260429095949.20910-1-fw@strlen.de>","User-Agent":"Alpine 2.26 (LSU 649 2022-06-02)","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=US-ASCII"}},{"id":3684030,"web_url":"http://patchwork.ozlabs.org/comment/3684030/","msgid":"<afH8w6AjlZUQK0Ja@strlen.de>","list_archive_url":null,"date":"2026-04-29T12:42:43","subject":"Re: [PATCH nf-next] netfilter: x_tables: disable 32bit compat\n interface in user namespaces","submitter":{"id":1025,"url":"http://patchwork.ozlabs.org/api/people/1025/","name":"Florian Westphal","email":"fw@strlen.de"},"content":"Jan Engelhardt <ej@inai.de> wrote:\n> >This feature is required to use 32bit arp/ip/ip6/ebtables binaries on\n> >64bit kernels.  I don't think there are many users left.\n> \n> This breaks the setup in a Debian x32 systemd-nspawn container with \n> xtables-legacy-multi.\n\nThats the intent.","headers":{"Return-Path":"\n <netfilter-devel+bounces-12286-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.234.253.10; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12286-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=91.216.245.30","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=strlen.de"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org [172.234.253.10])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5H9n2HdWz1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 22:46:37 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id E074A302C6F5\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 12:42:55 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 1A86C3F7877;\n\tWed, 29 Apr 2026 12:42:55 +0000 (UTC)","from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc\n [91.216.245.30])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id EB3663C344B\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 29 Apr 2026 12:42:52 +0000 (UTC)","by Chamillionaire.breakpoint.cc (Postfix, from userid 1003)\n\tid F0D0B6079C; Wed, 29 Apr 2026 14:42:48 +0200 (CEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777466574; cv=none;\n b=IH0N/ndoDVxma5vCz4IJYtoiBqnwxLFiu5hrP91p/lOxN7b82cQvWzTqTt6MI6Ka/ush9FD9IlDk6CZz0xge7WXiNRjLlI0JBBDfjXLVAVLUxAcZPv+Rt/P01bMsdBEA9ZyjzbWy8g8TJSsW4tAemReg1M0l1259lunBeXfP7jQ=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777466574; c=relaxed/simple;\n\tbh=QXWUlBAUujBwwYzY8mt/RfL11eo4QC65A+eSuN6H4V0=;\n\th=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:\n\t Content-Type:Content-Disposition:In-Reply-To;\n b=ipIkMZpl8qxFEC1yPBIngSXzAmjwn+Cfnog/IRuJCnzpXM+kWkXjlxDNftHLDEVvGFFbHQvUru/mAj5oc6l/zjcyJ3zIVRr85INPtEr+5IgEhEaEDpu/YCGV5CuTqYtRbIApzbBtAR2hmttJve3CC5XfMNz+gAfOZ0G3mk4p6w0=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de;\n spf=pass smtp.mailfrom=strlen.de; arc=none smtp.client-ip=91.216.245.30","Date":"Wed, 29 Apr 2026 14:42:43 +0200","From":"Florian Westphal <fw@strlen.de>","To":"Jan Engelhardt <ej@inai.de>","Cc":"netfilter-devel@vger.kernel.org","Subject":"Re: [PATCH nf-next] netfilter: x_tables: disable 32bit compat\n interface in user namespaces","Message-ID":"<afH8w6AjlZUQK0Ja@strlen.de>","References":"<20260429095949.20910-1-fw@strlen.de>\n <950150qr-9p6p-q772-9796-p5o9o06r32q0@vanv.qr>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<950150qr-9p6p-q772-9796-p5o9o06r32q0@vanv.qr>"}}]