[Bug 1072] New: coredump when parsing ip protocol with number > 6

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Jun 6 21:02:53 CEST 2016


https://bugzilla.netfilter.org/show_bug.cgi?id=1072

            Bug ID: 1072
           Summary: coredump when parsing ip protocol with number > 6
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: frederik.schwan at linux.com

My goal: filter GRE (IP proto 47) traffic

This rule gives me a coredump when I try to load it:
ip protocol 47 ip saddr x.x.x.x accept

All numbers lower than 7 seem to work:
ip protocol 6 ip saddr x.x.x.x accept <- works



debug output:
update network layer protocol context:
 link layer          : inet
 network layer       : ip <-
 transport layer     : none

update network layer protocol context:
 link layer          : inet
 network layer       : ip <-
 transport layer     : none

/etc/nftables.conf:41:29-30: Evaluate
                ip protocol 47 ip saddr x.x.x.x accept
                            ^^
$47

/etc/nftables.conf:41:29-30: Evaluate
                ip protocol 47 ip saddr x.x.x.x accept
                            ^^
gre

[1]    20347 segmentation fault  sudo nft --debug all -f /etc/nftables.conf
