Re: [PATCH v2 nf-next 5/5] netfilter: nft: rt nexthop for inet family

Hi Liping,

On Fri, 2016-10-21 at 20:42 +0800, Liping Zhang wrote:
> Hi Anders,
> 
> 2016-10-21 16:26 GMT+08:00 Anders K. Pedersen | Cohaesio <akp@cohaesio.com>:
> [...]
> > 
> > I had a look at it. This construct is used for NFT_CT_SRC and
> > NFT_CT_DST, where the init function just returns the IPv6 length for
> > the inet family. But I'm not sure how this can work for userspace, and
> > at least for current nftables there are problems:
> > 
> > # nft flush ruleset
> > # nft add table inet filter
> > # nft add chain inet filter input
> > # nft add rule inet filter input ether type ip flow table acct \{ ct original saddr timeout 600s counter \}
> > # nft list ruleset
> > Killed
> > # nft list flow tables
> > Killed
> 
> I guess there's a bug in nft utility, same problem exists in ip/ip6
> family.

I looked into why this happens. 

netlink_delinearize_rule() loops through the expressions and
calls netlink_parse_rule_expr() for each of them (meta, cmp, payload,
cmp, ct, dynset). netlink_parse_rule_expr() calls netlink_parse_expr(),
which calls the specific expression parsers.

The problem begins for the ct expression, where netlink_parse_ct() and
netlink_parse_ct_expr() are called, which calls ct_expr_alloc(). The
latter fills a new expr with data from ct_templates[], which
has &invalid_type with length 0 for NFT_CT_SRC.

This expr is then used in netlink_parse_dynset(), where

        if (expr->len < set->keylen) {
                expr = netlink_parse_concat_expr(ctx, loc, sreg, set->keylen);

with (expr->len = 0) < (set->keylen = 32) tries to parse it as a
concatenated expression even though it's not, and ends up in an endless
loop:

        while (len > 0) {
                ...
                len -= netlink_padded_len(expr->len);
                reg += netlink_register_space(expr->len);
        }

There's code in ct_expr_update_type() to fix up the data from
ct_templates[] for NFT_CT_SRC and others, but this is based on data
from struct proto_ctx *ctx and those are not available
in ct_expr_alloc().

I don't know how to solve this.

Regards,
Anders
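
The non-terminating walk described in the message above, as an added C model that is not nftables code and not from the thread. walk_key(), padded_len(), the return codes and the iteration budget are hypothetical, and lengths are assumed to be in bits padded to 32-bit registers; it shows the loop spinning on a zero-length expression and a zero-progress check stopping it.

```c
#include <stdio.h>

#define REG_BITS 32u /* assumption: lengths in bits, padded to 32-bit registers */

enum { WALK_OK = 0, WALK_NO_PROGRESS = -1, WALK_OVERRUN = -2, WALK_SPIN = -3 };

/* Hypothetical stand-in for netlink_padded_len(): round up to a register multiple. */
static unsigned int padded_len(unsigned int bits)
{
    return (bits + REG_BITS - 1) / REG_BITS * REG_BITS;
}

/*
 * Model of the "while (len > 0)" loop: reg_len[r] is the length of the
 * expression parsed from register r. With guarded == 0 the loop behaves like
 * the excerpt (no zero-progress check); the budget only exists so that this
 * demo returns instead of hanging.
 */
static int walk_key(const unsigned int *reg_len, unsigned int nregs,
                    unsigned int keylen, int guarded, unsigned int budget)
{
    unsigned int len = keylen, reg = 0;

    while (len > 0) {
        if (budget-- == 0)
            return WALK_SPIN;          /* still looping after budget iterations */
        if (reg >= nregs)
            return WALK_OVERRUN;       /* ran past the registers we were given */
        unsigned int step = padded_len(reg_len[reg]);
        if (guarded && step == 0)
            return WALK_NO_PROGRESS;   /* len and reg would both stay unchanged */
        if (step > len)
            return WALK_OVERRUN;       /* expression longer than remaining key */
        len -= step;
        reg += step / REG_BITS;
    }
    return WALK_OK;
}

int main(void)
{
    /* Constructed inputs: a length-0 expression (the ct template case) and a 32-bit one. */
    unsigned int zero[] = { 0 }, ipv4[] = { 32 };

    printf("len 0, unguarded: %d\n", walk_key(zero, 1, 32, 0, 1000));
    printf("len 0, guarded:   %d\n", walk_key(zero, 1, 32, 1, 1000));
    printf("len 32, guarded:  %d\n", walk_key(ipv4, 1, 32, 1, 1000));
    return 0;
}
```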
