[Bug 1406] New: nft dies with an assertion of consumed > 0

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Feb 5 07:23:31 CET 2020


            Bug ID: 1406
           Summary: nft dies with an assertion of consumed > 0
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Gentoo
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

I'm using nftables-0.9.3 with libnftnl-1.1.5. I am able to trigger the
assertion mentioned in the summary. Here's how. Firstly, load the following

flush ruleset
table ip metrics  {
    set servers {
        type ipv4_addr
    chain egress {
        type filter hook prerouting priority filter - 1; policy accept;
        iifname != "igb0" ct original daddr @servers

Next, try to list a table by any given name - even the "metrics" table itself:

# nft list table metrics
nft: netlink_delinearize.c:124: netlink_parse_concat_expr: Assertion `consumed
> 0' failed.

I have noticed that the assertion can be avoided by remove the "ct original
daddr @servers" condition from the rule.

You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200205/d1631eed/attachment.html>

More information about the netfilter-buglog mailing list