[Bug 1072] New: coredump when parsing ip protocol with number > 6
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Mon Jun 6 21:02:53 CEST 2016
https://bugzilla.netfilter.org/show_bug.cgi?id=1072
Bug ID: 1072
Summary: coredump when parsing ip protocol with number > 6
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: frederik.schwan at linux.com
My goal: filter GRE (IP proto 47) traffic
This rule gives me a coredump when I try to load it:
ip protocol 47 ip saddr x.x.x.x accept
All numbers lower than 7 seem to work:
ip protocol 6 ip saddr x.x.x.x accept <- works
debug output:
update network layer protocol context:
link layer : inet
network layer : ip <-
transport layer : none
update network layer protocol context:
link layer : inet
network layer : ip <-
transport layer : none
/etc/nftables.conf:41:29-30: Evaluate
ip protocol 47 ip saddr x.x.x.x accept
^^
$47
/etc/nftables.conf:41:29-30: Evaluate
ip protocol 47 ip saddr x.x.x.x accept
^^
gre
[1] 20347 segmentation fault sudo nft --debug all -f /etc/nftables.conf
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160606/696994ae/attachment-0001.html>
More information about the netfilter-buglog
mailing list