On Fri, Jul 27, 2018 at 01:29:07PM +0200, Pablo Neira Ayuso wrote: > On Fri, Jul 27, 2018 at 12:53:22PM +0200, Phil Sutter wrote: > > Hi, > > > > On Fri, Jul 27, 2018 at 11:45:16AM +0200, Pablo Neira Ayuso wrote: > > > On Fri, Jul 27, 2018 at 12:22:33AM +0200, Phil Sutter wrote: > > > > This should happen in ebtables-restore only: If a previous rule > > > > contained a standard target, the standard target object is inserted into > > > > xtables_targets. Though since that doesn't have a 'parse' callback, the > > > > code segfaults. Therefore make the code ignore that special object > > > > (which is not an issue since standard targets don't support parameters). > > > > > > Hm, I see. > > > > > > How can this the standard target get into this list? > > > > IIRC, the code flow is like this: > > > > -> do_commandeb() encounters '-j' parameter > > -> command_jump() > > -> xtables_find_target() > > -> xtables_fully_register_pending_target() > > I see, but what is the rule that loads the standard target or it is > already there? > > Asking this because we don't seem to need this in the > iptables/xtables.c parser. For unknown arguments, do_parse() calls command_default() which searches the list of matches in cs->matches. In ebtables, this code is different in that the global xtables_matches list is searched instead. Probably that's why standard target is encountered by ebtables but not iptables. Cheers, Phil -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html