diff options
| author | Florian Westphal <fw@strlen.de> | 2016-10-21 01:10:34 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2016-10-21 11:45:10 +0200 |
| commit | 9604b087a97d58822b4e72676dea429304561c44 (patch) | |
| tree | 14a4634f40b1abb3b059224da0bf25161ac8fbfd | |
| parent | 2b1a0db97d40b1b9d9240ac0bb0cc771eb359516 (diff) | |
netlink: fix monitor trace crash with netdev family
nft monitor trace crashes on first packet with:
table netdev filter {
chain foobar {
type filter hook ingress device eth0 priority 0;
udp sport 53 meta nftrace set 1
}
}
We did not handle netdev family and thus generated bogus payload
statements without data types.
Netfilter Bugzilla: http://bugzilla.netfilter.org/show_bug.cgi?id=1092
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | src/netlink.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/netlink.c b/src/netlink.c index f8da2a6b..f8e600ff 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -2340,6 +2340,7 @@ next: static void trace_print_packet(const struct nftnl_trace *nlt) { struct list_head stmts = LIST_HEAD_INIT(stmts); + const struct proto_desc *ll_desc; struct payload_dep_ctx pctx = {}; struct proto_ctx ctx; uint16_t dev_type; @@ -2359,12 +2360,14 @@ static void trace_print_packet(const struct nftnl_trace *nlt) NFT_META_OIF)); proto_ctx_init(&ctx, nftnl_trace_get_u32(nlt, NFTNL_TRACE_FAMILY)); - if (ctx.protocol[PROTO_BASE_LL_HDR].desc == &proto_inet && + ll_desc = ctx.protocol[PROTO_BASE_LL_HDR].desc; + if ((ll_desc == &proto_inet || ll_desc == &proto_netdev) && nftnl_trace_is_set(nlt, NFTNL_TRACE_NFPROTO)) { nfproto = nftnl_trace_get_u32(nlt, NFTNL_TRACE_NFPROTO); + proto_ctx_update(&ctx, PROTO_BASE_LL_HDR, &netlink_location, NULL); proto_ctx_update(&ctx, PROTO_BASE_NETWORK_HDR, &netlink_location, - proto_find_upper(&proto_inet, nfproto)); + proto_find_upper(ll_desc, nfproto)); } if (ctx.protocol[PROTO_BASE_LL_HDR].desc == NULL && nftnl_trace_is_set(nlt, NFTNL_TRACE_IIFTYPE)) { |