Re: [PATCH nft] src/ct: provide fixed data lengh sizes for ip/ip6 keys

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Fri, Jul 12, 2019 at 12:35:03PM +0200, Florian Westphal wrote:
> > nft can load but not list this:
> > 
> > table inet filter {
> >  chain input {
> >   ct original ip daddr {1.2.3.4} accept
> >  }
> > }
> > 
> > Problem is that the ct template length is 0, so we believe the right hand
> > side is a concatenation because left->len < set->key->len is true.
> > nft then calls abort() during concatenation parsing.
> > 
> > Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1222
> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> 
> Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> Please, add new entry to tests/py before pushing this out.

Will do.


