Le Tuesday, November 29, 2016 11:54:30 PM CET Pablo Neira Ayuso a écrit :
> On Tue, Nov 29, 2016 at 11:37:21PM +0100, Martin Bednar wrote:
> > Hi, I just hit a kernel bug using nftables.
> > Using kernel 4.8.11.
> >
> > Inline is a minimal configuration file to reproduce and the dmesg log.
> > Let me know if you need anything else.
> >
> > Martin.
> >
> > Minimal configuration to reproduce:
> >
> > table inet filter{
> >
> > map iface_rules {type iface_index : verdict;}
> > chain lan1{
> > }
> >
> > chain input{
> > type filter hook input priority 0;policy accept;
> >
> > iif vmap @iface_rules
> >
> > }
> >
> > }
> > add element inet filter iface_rules {enp0s18 : jump lan1 } #BUG_ON here.
>
> Fixed by:
>
> http://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=58c78e10
> 4d937c1f560fb10ed9bb2dcde0db4fcf
>
> Will pass this to -stable asap.
Thanks! Will try the patch tomorrow.
>
> Thanks for reporting.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
