On Tue, Jun 12, 2018 at 11:02:32AM +0200, Florian Westphal wrote: > Ale <mystic@xxxxxx> wrote: > > [ cc stable, could you please queue below fix? ] > > > When I try to use CT HELPER for the ipv6, nft it dies and I have to > > restart the pc. But it works well for ip and inet. > > > > nft add ct helper ip6 filter ftp-std { type \"ftp\" protocol tcp\; } > > nft add rule ip6 filter WAN-IN iifname $IF_WAN_1 tcp sport $UP_PORTS > > tcp dport $UP_PORTS ct helper set \"ftp-std\" counter accept > > > > Kernel: RIP: strlen+0x0/0x20 RSP: ffffae1b4c67f980 > > kernel: Code: f8 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f > > b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00 > > <80> 3f 00 74 10 48 89 f8 48 > > > This is most likely fixed in 4.17 by > > commit b71534583f22d08c3e3563bf5100aeb5f5c9fbe5 > netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump > > The bug was added in Linux 4.12. Queued up to 4.16.y and 4.14.y, thanks. greg k-h -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html