The xt action is in a very bad shape. Here are a few things which cause trouble (tested on a vanilla kernel):

# tc filter add dev d0 parent ffff: u32 match u32 0 0 action xt -j DROP
tablename: mangle hook: NF_IP_PRE_ROUTING
Segmentation fault (core dumped)

# tc filter add dev d0 parent ffff: u32 match u32 0 0 \
	action xt -j MARK --set-mark 0x1 \
	action xt -j MARK --set-mark 0x1
tablename: mangle hook: NF_IP_PRE_ROUTING
	target: MARK set 0x1 index 0
Segmentation fault (core dumped)

At least adding two separate matches with xt action as reported in bug 1314403 works.
Patches sent upstream: https://www.mail-archive.com/netdev@vger.kernel.org/msg114055.html
These are the patches to backport (at least):

445745221a21e tc: m_xt: Prevent segfault with standard targets
8eee75a8358c5 tc: m_xt: Fix segfault when adding multiple actions at once
f1a7c7d8301e9 tc: m_xt: Fix indenting
b45f9141c2602 tc: m_xt: Get rid of one indentation level in parse_ipt()
b0ba0185763ad tc: m_xt: Drop unused variable fw in parse_ipt()
ab8f52fc4ae11 tc: m_xt: Get rid of rargc in parse_ipt()
28432f370e6ad tc: m_xt: Get rid of iargc variable in parse_ipt()
f6ddd9c5da4e5 tc: m_xt: Simplify argc adjusting in parse_ipt()
2ef4008585ec9 tc: m_xt: Introduce get_xtables_target_opts()
4b83a08c280fc m_xt: whitespace cleanup
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2171