When mapping it to the comment match, otherwise, crash happens when
trying to save the ruleset listing.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
iptables/nft-shared.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 4db2832d459b..1d9554d36eeb 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -20,6 +20,7 @@
#include <xtables.h>
#include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter/xt_comment.h>
#include <libmnl/libmnl.h>
#include <libnftnl/rule.h>
@@ -554,7 +555,8 @@ void nft_rule_to_iptables_command_state(struct nftnl_rule *r,
if (match == NULL)
return;
- m = calloc(1, sizeof(struct xt_entry_match) + len);
+ m = calloc(1, sizeof(struct xt_entry_match) +
+ sizeof(struct xt_comment_info));
if (m == NULL) {
fprintf(stderr, "OOM");
exit(EXIT_FAILURE);
--
2.11.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
