All of lore.kernel.org
 help / color / mirror / Atom feed
* Re: ct helper ipv6
       [not found] <2c145015821e6e830beddf376e0f563dac2d1867.camel@tin.it>
@ 2018-06-12  9:02 ` Florian Westphal
  2018-06-12  9:51   ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2018-06-12  9:02 UTC (permalink / raw)
  To: Ale; +Cc: netfilter, stable

Ale <mystic@tin.it> wrote:

[ cc stable, could you please queue below fix?  ]

> When I try to use CT HELPER for the ipv6, nft it dies and I have to
> restart the pc. But it works well for ip and inet.
> 
> nft add ct helper ip6 filter ftp-std { type \"ftp\" protocol tcp\; }
> nft add rule ip6 filter WAN-IN iifname $IF_WAN_1 tcp sport $UP_PORTS
> tcp dport $UP_PORTS ct helper set \"ftp-std\" counter accept
> 
> Kernel: RIP: strlen+0x0/0x20 RSP: ffffae1b4c67f980
> kernel: Code: f8 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f
> b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00
> <80> 3f 00 74 10 48 89 f8 48 >

This is most likely fixed in 4.17 by

commit b71534583f22d08c3e3563bf5100aeb5f5c9fbe5
netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump

The bug was added in Linux 4.12.

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: ct helper ipv6
  2018-06-12  9:02 ` ct helper ipv6 Florian Westphal
@ 2018-06-12  9:51   ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2018-06-12  9:51 UTC (permalink / raw)
  To: Florian Westphal; +Cc: Ale, netfilter, stable

On Tue, Jun 12, 2018 at 11:02:32AM +0200, Florian Westphal wrote:
> Ale <mystic@tin.it> wrote:
> 
> [ cc stable, could you please queue below fix?  ]
> 
> > When I try to use CT HELPER for the ipv6, nft it dies and I have to
> > restart the pc. But it works well for ip and inet.
> > 
> > nft add ct helper ip6 filter ftp-std { type \"ftp\" protocol tcp\; }
> > nft add rule ip6 filter WAN-IN iifname $IF_WAN_1 tcp sport $UP_PORTS
> > tcp dport $UP_PORTS ct helper set \"ftp-std\" counter accept
> > 
> > Kernel: RIP: strlen+0x0/0x20 RSP: ffffae1b4c67f980
> > kernel: Code: f8 48 89 f9 74 09 48 83 c1 01 80 39 00 75 f7 31 d2 44 0f
> > b6 04 16 44 88 04 11 48 83 c2 01 45 84 c0 75 ee c3 0f 1f 80 00 00 00 00
> > <80> 3f 00 74 10 48 89 f8 48 >
> 
> This is most likely fixed in 4.17 by
> 
> commit b71534583f22d08c3e3563bf5100aeb5f5c9fbe5
> netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump
> 
> The bug was added in Linux 4.12.

Queued up to 4.16.y and 4.14.y, thanks.

greg k-h

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-06-12  9:52 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <2c145015821e6e830beddf376e0f563dac2d1867.camel@tin.it>
2018-06-12  9:02 ` ct helper ipv6 Florian Westphal
2018-06-12  9:51   ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.