pending patch seems fine.

________________________________________
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Sent: Wednesday, March 25, 2020 12:55 PM
To: Paul Blakey
Cc: Oz Shlomo; Majd Dibbiny; Roi Dayan; netdev@xxxxxxxxxxxxxxx; Saeed Mahameed; netfilter-devel@xxxxxxxxxxxxxxx
Subject: Re: [PATCH net-next] netfilter: flowtable: Fix accessing null dst entry

On Wed, Mar 25, 2020 at 12:53:28PM +0200, Paul Blakey wrote:
> Unlike nft flow table flows, flows from act_ct tables don't have route,
> and so don't have a dst_entry. nf_flow_rule_match() tries to deref
> this null dst_entry regardless.
>
> Fix that by checking for dst entry exists, and if not, skip
> tunnel match.

This is fixed in nf-next:

https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git/commit/

I'll get this merged into net-next asap.