<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - SIGABRT: "BUG: unknown expression type prefix""
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1187">1187</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>SIGABRT: "BUG: unknown expression type prefix"
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>minor
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>alzeih@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I'm experiencing a SIGABRT when using nft with a particular rule, when I was
expecting a parse error instead.

The rule is:
"iifname ens3 snat to 10.0.0.0/28"

Command output:
# nft -f /etc/nftables.conf

 BUG: unknown expression type prefix
 nft: netlink_linearize.c:688: netlink_gen_expr: Assertion `0' failed.
 Aborted (core dumped)

With the following ruleset file:
#!/usr/bin/nft -f
# ipv4/ipv6 Simple & Safe Firewall
# you can find examples in /usr/share/nftables/

table ip nat {
  chain input {
    type nat hook input priority 0;
    iifname ens3 snat to 10.0.0.0/28
  }
}

System information:
# uname -a
 Linux archlinux 4.13.3-1-ARCH #1 SMP PREEMPT Thu Sep 21 20:33:16 CEST 2017
x86_64 GNU/Linux
# nft --version
 nftables v0.7 (Scrooge McDuck)

stack trace (without symbols) with message above shows it's probably an
assertion failure:

                Stack trace of thread 685:
                #0  0x00007f622879a8a0 raise (libc.so.6)
                #1  0x00007f622879bf09 abort (libc.so.6)
                #2  0x00007f62287930dc __assert_fail_base (libc.so.6)
                #3  0x00007f6228793153 __assert_fail (libc.so.6)
                #4  0x000055931071e66a n/a (nft)
                #5  0x000055931071f351 n/a (nft)
                #6  0x000055931071c11d n/a (nft)
                #7  0x000055931071c264 n/a (nft)
                #8  0x000055931070c379 n/a (nft)
                #9  0x000055931070c62f n/a (nft)
                #10 0x0000559310709ea5 n/a (nft)
                #11 0x0000559310709916 n/a (nft)
                #12 0x00007f6228786f6a __libc_start_main (libc.so.6)
                #13 0x0000559310709cca n/a (nft)

This may be an entirely reasonable action for this particular rule though.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>