On Thu, May 17, 2018 at 10:49:49PM +0900, Taehee Yoo wrote:
> In the nft_meta_set_eval, nftrace value is dereferenced as u32 from sreg.
> But correct type is u8. so that sometimes incorrect value is dereferenced.
>
> Steps to reproduce:
>
> %nft add table ip filter
> %nft add chain ip filter input { type filter hook input priority 4\; }
> %nft add rule ip filter input nftrace set 0
> %nft monitor
>
> Sometimes, we can see trace messages.
>
> trace id 16767227 ip filter input packet: iif "enp2s0"
> ether saddr xx:xx:xx:xx:xx:xx ether daddr xx:xx:xx:xx:xx:xx
> ip saddr 192.168.0.1 ip daddr 255.255.255.255 ip dscp cs0
> ip ecn not-ect ip
> trace id 16767227 ip filter input rule nftrace set 0 (verdict continue)
> trace id 16767227 ip filter input verdict continue
> trace id 16767227 ip filter input
Applied to nf.git, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
