[Bug 1406] New: nft dies with an assertion of consumed > 0

bugzilla-daemon at netfilter.org
Wed Feb 5 07:23:31 CET 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1406

            Bug ID: 1406
           Summary: nft dies with an assertion of consumed > 0
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Gentoo
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

I'm using nftables-0.9.3 with libnftnl-1.1.5. I am able to trigger the
assertion mentioned in the summary. Here's how. Firstly, load the following
ruleset:

flush ruleset
table ip metrics  {
    set servers {
        type ipv4_addr
    }
    chain egress {
        type filter hook prerouting priority filter - 1; policy accept;
        iifname != "igb0" ct original daddr @servers
    }
}

Next, try to list a table by any given name - even the "metrics" table itself:

# nft list table metrics
nft: netlink_delinearize.c:124: netlink_parse_concat_expr: Assertion `consumed > 0' failed.
Aborted

I have noticed that the assertion can be avoided by removing the "ct original
daddr @servers" condition from the rule.
