FS#47289 - [nftables] Segfault when loading rules with ip sets
Attached to Project:
Arch Linux
Opened by Henrik Juul Pedersen (henrikjuul) - Monday, 07 December 2015, 10:49 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 07 December 2015, 22:39 GMT
Opened by Henrik Juul Pedersen (henrikjuul) - Monday, 07 December 2015, 10:49 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 07 December 2015, 22:39 GMT
|
Details
Description:
nft version 0.5 segfaults when loading rules containing sets. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801087 Fixed upstream in patch: http://git.netfilter.org/nftables/commit/src/expression.c?id=e6c83f45f522283c7afff4de7a71113116352dbf Could we consider applying the patch until next release from upstream? Steps to reproduce (from the above commit log): define addrs={ 1.2.3.4 } table ip filter { chain input { type filter hook input priority 0; ip saddr $addrs accept } } segfaults. Using saddr { 1.2.3.4 } instead of $addrs works. Thanks, /Henrik |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Monday, 07 December 2015, 22:39 GMT
Reason for closing: Fixed
Additional comments about closing: 1:0.5-2
Monday, 07 December 2015, 22:39 GMT
Reason for closing: Fixed
Additional comments about closing: 1:0.5-2