On 5/28/19 11:26 AM, Arturo Borrero Gonzalez wrote:
> On 5/27/19 12:29 PM, Arturo Borrero Gonzalez wrote:
>> On 5/25/19 6:49 PM, Thomas Lamprecht wrote:
>>> Package: iptables
>>> Version: 1.8.2-4
>>> Severity: grave
>>> File: /usr/sbin/xtables-nft-multi
>>> Justification: renders package unusable by segfaulting on usage
>>>
>>> Reproducer:
>>> # cat simple-segv-table
>>> *filter
>>> :NEW-OUTPUT - [0:0]
>>> -A OUTPUT -j NEW-OUTPUT
>>> -F NEW-OUTPUT
>>> -A NEW-OUTPUT -j ACCEPT
>>> COMMIT
>>>
>>> # iptables ./simple-segv-table
>>> Segmentation fault
>>>
>>> # dmesg | tail -1
>>> [12860.813350] traps: iptables-restor[19173] general protection
>>> ip:7f4894682793 sp:7ffcedc177d0 error:0 in
>>> libnftnl.so.11.0.0[7f4894677000+17000]
>>>
>>> # addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0 -fCi $(printf
>>> "%x" $[0x7f2cb9882793 - 0x7f2cb9877000])
>>> nftnl_batch_is_supported
>>> ??:?
>>>
>>
>> I can reproduce this.
>>
>> I'm already looking for a fix.
>>
>
> This should be fixed in iptables 1.8.3, which just got released.
>
Yes, I can confirm, it works again with iptables 1.8.3-1~exp1 and libnftnl 1.1.3-1~exp1. Much thanks for the quick response!