On Wed, Mar 25, 2020 at 12:53:28PM +0200, Paul Blakey wrote: > Unlink nft flow table flows, flows from act_ct tables don't have route, > and so don't have a dst_entry. nf_flow_rule_match() tries to deref > this null dst_entry regardless. > > Fix that by checking for dst entry exists, and if not, skip > tunnel match. This is fixed in nf-next: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git/commit/ I'll get this merged into net-next asap.
