nft: fix bad length when comparing extension data area

Use ->userspacesize to compare the extension data area, otherwise
we also compare the internal private pointers which are only
meaningful to the kernelspace.

This fixes:

xtables -4 -D INPUT -m connlimit \
	--connlimit-above 10 --connlimit-mask 32 --connlimit-daddr

But it also fixes many other matches/targets which use internal
private data.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 file changed