Bug 1326726

Summary: Fix multiple issues with xt action
Product: Red Hat Enterprise Linux 7 Reporter: Phil Sutter <psutter>
Component: iprouteAssignee: Phil Sutter <psutter>
Status: CLOSED ERRATA QA Contact: Jaroslav Aster <jaster>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: aloughla, atragler, jaster, mleitner, mmarusic, omoris, psutter, rkhan, sukulkar
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: iproute-3.10.0-80.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1465599 (view as bug list) Environment:
Last Closed: 2017-08-01 21:32:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Phil Sutter 2016-04-13 11:29:29 UTC 
The xt action is in a very bad shape. Here's a few things which cause trouble (tested on a vanilla kernel):

# tc filter add dev d0 parent ffff: u32 match u32 0 0 action xt -j DROP
tablename: mangle hook: NF_IP_PRE_ROUTING
Segmentation fault (core dumped)

# tc filter add dev d0 parent ffff: u32 match u32 0 0 \
        action xt -j MARK --set-mark 0x1 \
        action xt -j MARK --set-mark 0x1
tablename: mangle hook: NF_IP_PRE_ROUTING
 	target:  MARK set 0x1 index 0
Segmentation fault (core dumped)

At least adding two separate matches with xt action as reported in bug 1314403 works.
Comment 1 Phil Sutter 2016-06-10 14:39:13 UTC 
Patches sent upstream: https://www.mail-archive.com/netdev@vger.kernel.org/msg114055.html
Comment 3 Phil Sutter 2016-06-21 21:00:04 UTC 
These are the patches to backport (at least):

445745221a21e tc: m_xt: Prevent segfault with standard targets
8eee75a8358c5 tc: m_xt: Fix segfault when adding multiple actions at once
f1a7c7d8301e9 tc: m_xt: Fix indenting
b45f9141c2602 tc: m_xt: Get rid of one indentation level in parse_ipt()
b0ba0185763ad tc: m_xt: Drop unused variable fw in parse_ipt()
ab8f52fc4ae11 tc: m_xt: Get rid of rargc in parse_ipt()
28432f370e6ad tc: m_xt: Get rid of iargc variable in parse_ipt()
f6ddd9c5da4e5 tc: m_xt: Simplify argc adjusting in parse_ipt()
2ef4008585ec9 tc: m_xt: Introduce get_xtables_target_opts()
4b83a08c280fc m_xt: whitespace cleanup
Comment 9 errata-xmlrpc 2017-08-01 21:32:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2171