On ancient kernels desc can be NULL, because such kernels do not understand NFTA_EXTHDR_TYPE. Thus they don't include it in the reverse dump, so the tcp/ip option gets treated like an ipv6 exthdr, but no matching description will be found. This then gives a crash due to the null deref. Just use the raw value here, this will at least make nft print that the exthdr and type is invalid. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/exthdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/exthdr.c b/src/exthdr.c index f5527ddb4a3f..0358005b1b89 100644 --- a/src/exthdr.c +++ b/src/exthdr.c @@ -405,7 +405,7 @@ bool exthdr_find_template(struct expr *expr, const struct expr *mask, unsigned i found = tcpopt_find_template(expr, off, mask_len - mask_offset); break; case NFT_EXTHDR_OP_IPV6: - exthdr_init_raw(expr, expr->exthdr.desc->type, + exthdr_init_raw(expr, expr->exthdr.raw_type, off, mask_len - mask_offset, expr->exthdr.op, 0); /* still failed to find a template... Bug. */ -- 2.41.0
