Re: is nftables compatible with kernel 4.14

On Sun, Jun 24, 2018 at 03:53:35PM +0200, darius wrote:
> Ok, my bad. I was running nft as non-root user, therefore I got this
> fault. No problems running as 'root'.
> 
> /Darius
> 
> On 24-06-2018 14:51, darius wrote:
> > Hi. I have just installed nftables 0.9.0 on my router and when I tried
> > to add a ruleset script to it with the command 'nft -f ruleset.nft' I got
> > a 'segmentation fault'. The same ruleset was working without any problems with
> > nft 0.8.5. So the first idea that came to my mind is that I run an
> > incompatible kernel. I use 4.14.50 on OpenWRT/LEDE.
> > If that is the case, then I need to raise a ticket in OpenWRT.
> > 
> > Last information in '--debug all' was this:
> > 
> > ./ruleset.nft:290:18-31: Evaluate symbol
> >         ip saddr @port_scanners log group 1 log prefix "Drop port
> > scanners" group 2 counter drop
> >                  ^^^^^^^^^^^^^^
> > $port_scanners
> > 
> > ----------------	------------------
> > |  0000000020  |	| message length |
> > | 02576 | R--- |	|  type | flags  |
> > |  0000000001  |	| sequence number|
> > |  0000000000  |	|     port ID    |
> > ----------------	------------------
> > | 00 00 00 00  |	|  extra header  |
> > ----------------	------------------
> > ----------------	------------------
> > |  0000000020  |	| message length |
> > | 02561 | R--- |	|  type | flags  |
> > |  0000000001  |	| sequence number|
> > |  0000000000  |	|     port ID    |
> > ----------------	------------------
> > | 00 00 00 00  |	|  extra header  |
> > ----------------	------------------
> > ----------------	------------------
> > |  0000000036  |	| message length |
> > | 02570 | R-A- |	|  type | flags  |
> > |  0000000001  |	| sequence number|
> > |  0000000000  |	|     port ID    |
> > ----------------	------------------
> > | 02 00 00 00  |	|  extra header  |
> > |00013|--|00001|	|len |flags| type|
> > | 69 70 76 34  |	|      data      |	 i p v 4
> > | 5f 6e 61 74  |	|      data      |	 _ n a t
> > | 00 00 00 00  |	|      data      |	
> > ----------------	------------------
> > Segmentation fault

Could you tell me steps to reproduce it?

Even if the kernel comes with no nft support, or you run it as non-root,
it should not segfault.

Thanks!