[pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table
Bernhard Übelacker
bernhardu at mailbox.org
Tue Feb 11 15:06:33 GMT 2020
Dear Maintainer,
I tried to collect some more information and got
the following backtrace with the restore command
from the submitter.
It looks like "expr->ops" contains a null pointer
that gets dereferenced.
Unfortunately I still see the same crash after
upgrading to the versions in backports in my test VM.
Also this crash is still visible in a minimal
Bullseye/testing VM.
Kind regards,
Bernhard
(gdb) bt
#0 0x00007fd480466793 in nftnl_expr_build_payload (nlh=0x7fd47fc7a178, expr=0x55fe70704f40) at expr.c:210
#1 0x00007fd480461783 in nftnl_rule_nlmsg_build_payload (nlh=0x7fd47fc7a178, r=0x55fe70705650) at rule.c:320
#2 0x000055fe6e793c66 in nft_compat_rule_batch_add (h=<optimized out>, type=<optimized out>, flags=<optimized out>, seq=<optimized out>, rule=<optimized out>) at nft.c:2579
#3 0x000055fe6e79493e in nft_action (h=0x7fff14b33560, action=0) at nft.c:2673
#4 0x000055fe6e790555 in xtables_restore_parse (h=h at entry=0x7fff14b33560, p=p at entry=0x7fff14b33540, cb=cb at entry=0x55fe6e7b8140 <restore_cb>, argc=argc at entry=1, argv=argv at entry=0x7fff14b336e8) at xtables-restore.c:143
#5 0x000055fe6e790f90 in xtables_restore_main (family=2, progname=<optimized out>, argc=1, argv=0x7fff14b336e8) at xtables-restore.c:474
#6 0x00007fd47fcf709b in __libc_start_main (main=0x55fe6e78bfb0 <main>, argc=1, argv=0x7fff14b336e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff14b336d8) at ../csu/libc-start.c:308
#7 0x000055fe6e78bfea in _start ()
(gdb) print expr
$3 = (struct nftnl_expr *) 0x55fe70704f40
(gdb) print expr->ops
$4 = (struct expr_ops *) 0x0
(gdb) list expr.c:210
205
206 void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr)
207 {
208 struct nlattr *nest;
209
210 mnl_attr_put_strz(nlh, NFTA_EXPR_NAME, expr->ops->name);
211
212 if (!expr->ops->build)
213 return;
214
https://sources.debian.org/src/libnftnl/1.1.2-2/src/expr.c/#L210
-------------- next part --------------
# Buster/stable amd64 qemu VM 2020-02-11
apt update
apt dist-upgrade
apt install systemd-coredump mc git fakeroot strace gdb iptables-dbgsym libnftnl11-dbgsym
apt build-dep iptables libnftnl11
mkdir /home/benutzer/source/libnftnl11/orig -p
cd /home/benutzer/source/libnftnl11/orig
apt source libnftnl11
cd
mkdir /home/benutzer/source/iptables/orig -p
cd /home/benutzer/source/iptables/orig
apt source iptables
cd
mkdir /home/benutzer/source/iptables/git -p
cd /home/benutzer/source/iptables/git
git clone git://git.netfilter.org/iptables
cd
iptables-restore <<EOF
*nat
-F PREROUTING
-A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194
-F PREROUTING
-F POSTROUTING
COMMIT
EOF
dmesg
journalctl --no-pager
coredumpctl list
coredumpctl gdb 1104
set width 0
set pagination off
directory /home/benutzer/source/libnftnl11/orig/libnftnl-1.1.2/src
bt
root at debian:~# iptables-restore <<EOF
> *nat
> -F PREROUTING
> -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194
> -F PREROUTING
> -F POSTROUTING
> COMMIT
> EOF
Speicherzugriffsfehler (Speicherabzug geschrieben)
# journalctl --no-pager
Feb 11 13:34:26 debian kernel: iptables-restor[1104]: segfault at 0 ip 00007fd480466793 sp 00007fff14b30530 error 4 in libnftnl.so.11.0.0[7fd48045b000+17000]
Feb 11 13:34:26 debian kernel: Code: 0c 25 28 00 00 00 75 05 48 83 c4 18 c3 e8 b5 4a ff ff 0f 1f 44 00 00 41 54 55 48 89 fd 53 48 8b 46 18 48 89 f3 be 01 00 00 00 <48> 8b 10 e8 b5 51 ff ff 48 8b 43 18 48 83 78 30 00 74 32 48 89 ef
Feb 11 13:34:26 debian systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Feb 11 13:34:26 debian systemd[1]: Started Process Core Dump (PID 1105/UID 0).
Feb 11 13:34:26 debian systemd-coredump[1106]: Process 1104 (iptables-restor) of user 0 dumped core.
Stack trace of thread 1104:
#0 0x00007fd480466793 n/a (libnftnl.so.11)
#1 0x00007fd480461783 nftnl_rule_nlmsg_build_payload (libnftnl.so.11)
#2 0x000055fe6e79493e n/a (xtables-nft-multi)
#3 0x000055fe6e790555 n/a (xtables-nft-multi)
#4 0x000055fe6e790f90 n/a (xtables-nft-multi)
#5 0x00007fd47fcf709b __libc_start_main (libc.so.6)
#6 0x000055fe6e78bfea n/a (xtables-nft-multi)
Feb 11 13:34:26 debian systemd[1]: systemd-coredump at 0-1105-0.service: Succeeded.
root at debian:~# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Tue 2020-02-11 13:34:26 CET 1104 0 0 11 present /usr/sbin/xtables-nft-multi
root at debian:~# coredumpctl gdb 1104
PID: 1104 (iptables-restor)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Tue 2020-02-11 13:34:26 CET (2min 44s ago)
Command Line: iptables-restore
Executable: /usr/sbin/xtables-nft-multi
Control Group: /user.slice/user-1000.slice/session-1.scope
Unit: session-1.scope
Slice: user-1000.slice
Session: 1
Owner UID: 1000 (benutzer)
Boot ID: 07b3a6dc70ab428eb2a3fb217276c015
Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
Hostname: debian
Storage: /var/lib/systemd/coredump/core.iptables-restor.0.07b3a6dc70ab428eb2a3fb217276c015.1104.1581424466000000.lz4
Message: Process 1104 (iptables-restor) of user 0 dumped core.
Stack trace of thread 1104:
#0 0x00007fd480466793 n/a (libnftnl.so.11)
#1 0x00007fd480461783 nftnl_rule_nlmsg_build_payload (libnftnl.so.11)
#2 0x000055fe6e79493e n/a (xtables-nft-multi)
#3 0x000055fe6e790555 n/a (xtables-nft-multi)
#4 0x000055fe6e790f90 n/a (xtables-nft-multi)
#5 0x00007fd47fcf709b __libc_start_main (libc.so.6)
#6 0x000055fe6e78bfea n/a (xtables-nft-multi)
GNU gdb (Debian 8.2.1-2+b3) 8.2.1
...
Core was generated by `iptables-restore'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fd480466793 in ?? () from /lib/x86_64-linux-gnu/libnftnl.so.11
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/source/libnftnl11/orig/libnftnl-1.1.2/src
Source directories searched: /home/benutzer/source/libnftnl11/orig/libnftnl-1.1.2/src:$cdir:$cwd
(gdb) bt
#0 0x00007fd480466793 in ?? () from /lib/x86_64-linux-gnu/libnftnl.so.11
#1 0x00007fd480461783 in nftnl_rule_nlmsg_build_payload () from /lib/x86_64-linux-gnu/libnftnl.so.11
#2 0x000055fe6e79493e in ?? ()
#3 0x000055fe6e790555 in ?? ()
#4 0x000055fe6e790f90 in ?? ()
#5 0x00007fd47fcf709b in __libc_start_main (main=0x55fe6e78bfb0, argc=1, argv=0x7fff14b336e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff14b336d8) at ../csu/libc-start.c:308
#6 0x000055fe6e78bfea in ?? ()
(gdb) bt
#0 0x00007fd480466793 in nftnl_expr_build_payload (nlh=0x7fd47fc7a178, expr=0x55fe70704f40) at expr.c:210
#1 0x00007fd480461783 in nftnl_rule_nlmsg_build_payload (nlh=0x7fd47fc7a178, r=0x55fe70705650) at rule.c:320
#2 0x000055fe6e793c66 in nft_compat_rule_batch_add (h=<optimized out>, type=<optimized out>, flags=<optimized out>, seq=<optimized out>, rule=<optimized out>) at nft.c:2579
#3 0x000055fe6e79493e in nft_action (h=0x7fff14b33560, action=0) at nft.c:2673
#4 0x000055fe6e790555 in xtables_restore_parse (h=h at entry=0x7fff14b33560, p=p at entry=0x7fff14b33540, cb=cb at entry=0x55fe6e7b8140 <restore_cb>, argc=argc at entry=1, argv=argv at entry=0x7fff14b336e8) at xtables-restore.c:143
#5 0x000055fe6e790f90 in xtables_restore_main (family=2, progname=<optimized out>, argc=1, argv=0x7fff14b336e8) at xtables-restore.c:474
#6 0x00007fd47fcf709b in __libc_start_main (main=0x55fe6e78bfb0 <main>, argc=1, argv=0x7fff14b336e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff14b336d8) at ../csu/libc-start.c:308
#7 0x000055fe6e78bfea in _start ()
(gdb) disassemble $pc-42,$pc+20
Dump of assembler code from 0x7fd480466769 to 0x7fd4804667a7:
0x00007fd480466769 <nftnl_expr_get_str+41>: or $0x25,%al
0x00007fd48046676b <nftnl_expr_get_str+43>: sub %al,(%rax)
0x00007fd48046676d <nftnl_expr_get_str+45>: add %al,(%rax)
0x00007fd48046676f <nftnl_expr_get_str+47>: jne 0x7fd480466776 <nftnl_expr_get_str+54>
0x00007fd480466771 <nftnl_expr_get_str+49>: add $0x18,%rsp
0x00007fd480466775 <nftnl_expr_get_str+53>: retq
0x00007fd480466776 <nftnl_expr_get_str+54>: callq 0x7fd48045b230 <__stack_chk_fail at plt>
0x00007fd48046677b: nopl 0x0(%rax,%rax,1)
0x00007fd480466780 <nftnl_expr_build_payload+0>: push %r12
0x00007fd480466782 <nftnl_expr_build_payload+2>: push %rbp
0x00007fd480466783 <nftnl_expr_build_payload+3>: mov %rdi,%rbp
0x00007fd480466786 <nftnl_expr_build_payload+6>: push %rbx
0x00007fd480466787 <nftnl_expr_build_payload+7>: mov 0x18(%rsi),%rax
0x00007fd48046678b <nftnl_expr_build_payload+11>: mov %rsi,%rbx
0x00007fd48046678e <nftnl_expr_build_payload+14>: mov $0x1,%esi
=> 0x00007fd480466793 <nftnl_expr_build_payload+19>: mov (%rax),%rdx
0x00007fd480466796 <nftnl_expr_build_payload+22>: callq 0x7fd48045b950 <mnl_attr_put_strz at plt>
0x00007fd48046679b <nftnl_expr_build_payload+27>: mov 0x18(%rbx),%rax
0x00007fd48046679f <nftnl_expr_build_payload+31>: cmpq $0x0,0x30(%rax)
0x00007fd4804667a4 <nftnl_expr_build_payload+36>: je 0x7fd4804667d8 <nftnl_expr_build_payload+88>
0x00007fd4804667a6 <nftnl_expr_build_payload+38>: mov %rbp,%rdi
End of assembler dump.
(gdb) list expr.c:210
205
206 void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr)
207 {
208 struct nlattr *nest;
209
210 mnl_attr_put_strz(nlh, NFTA_EXPR_NAME, expr->ops->name);
211
212 if (!expr->ops->build)
213 return;
214
(gdb) print expr
$3 = (struct nftnl_expr *) 0x55fe70704f40
(gdb) print expr->ops
$4 = (struct expr_ops *) 0x0
(gdb) print *expr
$5 = {head = {next = 0x55fe70704d60, prev = 0x55fe70702010}, flags = 0, ops = 0x0, data = 0x55fe70704f60 "\001"}
(gdb) bt full
#0 0x00007fd480466793 in nftnl_expr_build_payload (nlh=0x7fd47fc7a178, expr=0x55fe70704f40) at expr.c:210
nest = <optimized out>
#1 0x00007fd480461783 in nftnl_rule_nlmsg_build_payload (nlh=0x7fd47fc7a178, r=0x55fe70705650) at rule.c:320
expr = 0x55fe70704f40
nest = 0x7fd47fc7a1a4
nest2 = 0x7fd47fc7a1cc
#2 0x000055fe6e793c66 in nft_compat_rule_batch_add (h=<optimized out>, type=<optimized out>, flags=<optimized out>, seq=<optimized out>, rule=<optimized out>) at nft.c:2579
nlh = <optimized out>
#3 0x000055fe6e79493e in nft_action (h=0x7fff14b33560, action=0) at nft.c:2673
n = 0x55fe707059e0
tmp = <optimized out>
err = <optimized out>
ne = <optimized out>
buflen = <optimized out>
i = <optimized out>
len = <optimized out>
show_errors = true
errmsg = "POSTROUTING\000\324\177\000\000`5\263\024\377\177\000\000\t\000\000\000\000\000\000\000\020\000\000\000\000\000\000\000\343\062\333\177\324\177\000\000\060\v\263\024\377\177\000\000\340\201{n\376U\000\000\000\000\000\000\000\000\000\000PVppFU\000\000\321\071pp\376U\000\000\322\071pp\376U\000\000\340\201{n\376U\000\000\250\235{n\376U\000\000@\270zn\376U\000\000\330%\326\177\324\177\000\000\005\000\000\000\000\000\000\000\200\n\263\024\377\177\000\000\060\v\263\024\377\177\000\000\000\000\000\000\000\000\000\000@\000\000\000\000\000\000\000@\354\350\177\324\177\000\000\020\000\000\000\000\000\000\000\060\317\001\000\000\000\000\000\360\066\351\177\324\177\000\000"...
seq = 8
ret = 0
#4 0x000055fe6e790555 in xtables_restore_parse (h=h at entry=0x7fff14b33560, p=p at entry=0x7fff14b33540, cb=cb at entry=0x55fe6e7b8140 <restore_cb>, argc=argc at entry=1, argv=argv at entry=0x7fff14b336e8) at xtables-restore.c:143
ret = 0
buffer = "COMMIT\n\000OUTING\n\000 eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194\n", '\000' <repeats 6021 times>...
in_table = <optimized out>
curtable = 0x55fe6e7b8e40 <xtables_ipv4+544>
ops = <optimized out>
chain_list = 0x55fe70702280
#5 0x000055fe6e790f90 in xtables_restore_main (family=2, progname=<optimized out>, argc=1, argv=0x7fff14b336e8) at xtables-restore.c:474
tables = <optimized out>
h = {family = 2, nl = 0x55fe70702260, portid = 1104, seq = 0, obj_list = {next = 0x55fe707035c0, prev = 0x55fe707059e0}, obj_list_num = 6, batch = 0x55fe70705a10, err_list = {next = 0x7fff14b33598, prev = 0x7fff14b33598}, ops = 0x55fe6e7b8ee0 <nft_family_ops_ipv4>, tables = 0x55fe6e7b8c20 <xtables_ipv4>, chain_cache = 0x55fe70702280, rule_cache = 0x55fe707032f0, restore = true, config_done = -1 '\377', error = {lineno = 6}}
c = <optimized out>
p = {in = 0x7fd47fe8ea00 <_IO_2_1_stdin_>, testing = 0, tablename = 0x0, commit = true}
#6 0x00007fd47fcf709b in __libc_start_main (main=0x55fe6e78bfb0 <main>, argc=1, argv=0x7fff14b336e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff14b336d8) at ../csu/libc-start.c:308
self = <optimized out>
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 5924497025846453624, 94551263461312, 140733540677344, 0, 0, 448951714512348536, 462790818471191928}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fff14b336f8, 0x7fd4806b6190}, data = {prev = 0x0, cleanup = 0x0, canceltype = 347289336}}}
not_first_call = <optimized out>
#7 0x000055fe6e78bfea in _start ()
No symbol table info available.
https://sources.debian.org/src/libnftnl/1.1.2-2/src/expr.c/#L210
https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1721801.html
# points to 949101, maybe related, but in 949101 expr == 0, in 950535 expr->ops == 0
##############
##############
apt install libnftnl11=1.1.5-1~bpo10+1 libnftnl-dev=1.1.5-1~bpo10+1 libnftnl11-dbgsym=1.1.5-1~bpo10+1
-> still crashes
mv /usr/sbin/xtables-nft-multi /usr/sbin/xtables-nft-multi.orig
ln -s /home/benutzer/source/iptables/git/iptables/iptables/.libs/xtables-nft-multi /usr/sbin/xtables-nft-multi
mv /usr/lib/x86_64-linux-gnu/xtables /usr/lib/x86_64-linux-gnu/xtables.orig
ln -s /home/benutzer/source/iptables/git/iptables/extensions /usr/lib/x86_64-linux-gnu/xtables
export LD_LIBRARY_PATH=/home/benutzer/source/iptables/git/iptables/libxtables/.libs:/home/benutzer/source/iptables/git/iptables/libiptc/.libs:/home/benutzer/source/iptables/git/iptables/extensions
cd /home/benutzer/source/iptables/git/iptables
git checkout v1.8.2
./autogen.sh
./configure --disable-libipq --enable-devel --libdir=/usr/lib/x86_64-linux-gnu --with-xtlibdir=/usr/lib/x86_64-linux-gnu/xtables
make -j12
# test - still segfaults in nftnl_expr_build_payload
make distclean
git checkout v1.8.3
# Back to normal
rm /usr/sbin/xtables-nft-multi
rm /usr/lib/x86_64-linux-gnu/xtables
mv /usr/sbin/xtables-nft-multi.orig /usr/sbin/xtables-nft-multi
mv /usr/lib/x86_64-linux-gnu/xtables.orig /usr/lib/x86_64-linux-gnu/xtables
unset LD_LIBRARY_PATH
apt install iptables=1.8.2-4 libxtables12=1.8.2-4 iptables-dbgsym=1.8.2-4 libnftnl11=1.1.2-2 libnftnl11-dbgsym=1.1.2-2 libnftnl-dev=1.1.2-2
##############
##############
root at debian:~# { strace -f iptables-restore <<EOF
*nat
-F PREROUTING
-A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194
-F PREROUTING
-F POSTROUTING
COMMIT
EOF
} 2>&1 | grep -E "^(open|stat)" | grep -v "Datei oder Verzeichnis nicht gefunden"
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libmnl.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnftnl.so.11", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnetfilter_conntrack.so.3", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnfnetlink.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
stat("/lib/x86_64-linux-gnu", {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0
stat("/usr/lib/x86_64-linux-gnu", {st_mode=S_IFDIR|0755, st_size=20480, ...}) = 0
stat("/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/etc/protocols", O_RDONLY|O_CLOEXEC) = 4
stat("/usr/lib/x86_64-linux-gnu/xtables/libxt_tcp.so", {st_mode=S_IFREG|0644, st_size=14464, ...}) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/xtables/libxt_tcp.so", O_RDONLY|O_CLOEXEC) = 4
stat("/usr/lib/x86_64-linux-gnu/xtables/libipt_REDIRECT.so", {st_mode=S_IFREG|0644, st_size=14472, ...}) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/xtables/libipt_REDIRECT.so", O_RDONLY|O_CLOEXEC) = 4
root at debian:~# mv /usr/lib/x86_64-linux-gnu/xtables/libipt_REDIRECT.so /usr/lib/x86_64-linux-gnu/xtables/libipt_REDIRECT.so.orig
root at debian:~# iptables-restore <<EOF
*nat
-F PREROUTING
-A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194
-F PREROUTING
-F POSTROUTING
COMMIT
EOF
iptables-restore v1.8.2 (nf_tables): unknown option "--to-ports"
Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
root at debian:~# mv /usr/lib/x86_64-linux-gnu/xtables/libipt_REDIRECT.so.orig /usr/lib/x86_64-linux-gnu/xtables/libipt_REDIRECT.so
##############
##############
Reset back to clean VM:
apt install systemd-coredump mc git fakeroot strace gdb iptables-dbgsym libnftnl11-dbgsym
apt build-dep iptables libnftnl11
apt install iptables=1.8.3-2~bpo10+1 libxtables12=1.8.3-2~bpo10+1 iptables-dbgsym=1.8.3-2~bpo10+1 libiptc0=1.8.3-2~bpo10+1 libnftnl11=1.1.5-1~bpo10+1 libnftnl11-dbgsym=1.1.5-1~bpo10+1 libnftnl-dev=1.1.5-1~bpo10+1
-> Still crashes
# dpkg -l | grep -E "iptables|nftnl|1.8.3-2~bpo10+1|1.1.5-1~bpo10+1|1.8.2-4| 1.1.2-2"
ii iptables 1.8.3-2~bpo10+1 amd64 administration tools for packet filtering and NAT
ii iptables-dbgsym 1.8.3-2~bpo10+1 amd64 debug symbols for iptables
ii libip4tc0:amd64 1.8.2-4 amd64 netfilter libip4tc library
ii libip6tc0:amd64 1.8.2-4 amd64 netfilter libip6tc library
ii libnftnl-dev:amd64 1.1.5-1~bpo10+1 amd64 Development files for libnftnl
ii libnftnl11:amd64 1.1.5-1~bpo10+1 amd64 Netfilter nftables userspace API library
ii libnftnl11-dbgsym:amd64 1.1.5-1~bpo10+1 amd64 debug symbols for libnftnl11
##############
##############
# Bullseye/testing amd64 qemu VM 2020-02-11
apt update
apt dist-upgrade
apt install systemd-coredump iptables-dbgsym libnftnl11-dbgsym
root at debian:~# iptables-restore <<EOF
> *nat
> -F PREROUTING
> -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194
> -F PREROUTING
> -F POSTROUTING
> COMMIT
> EOF
Speicherzugriffsfehler (Speicherabzug geschrieben)
Feb 11 16:03:42 debian kernel: iptables-restor[538]: segfault at 0 ip 00007fcd59260204 sp 00007ffd563701d0 error 4 in libnftnl.so.11.2.0[7fcd59254000+19000]
Feb 11 16:03:42 debian kernel: Code: 25 28 00 00 00 75 05 48 83 c4 18 c3 e8 65 40 ff ff 0f 1f 44 00 00 41 55 41 54 49 89 fc 55 48 8b 46 18 48 89 f5 be 01 00 00 00 <48> 8b 10 e8 94 47 ff ff 48 8b 45 18 48 83 78 30 00 74 31 4c 89 e7
Feb 11 16:03:42 debian systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Feb 11 16:03:42 debian systemd[1]: Started Process Core Dump (PID 546/UID 0).
Feb 11 16:03:42 debian systemd-coredump[547]: Process 538 (iptables-restor) of user 0 dumped core.
Stack trace of thread 538:
#0 0x00007fcd59260204 nftnl_expr_build_payload (libnftnl.so.11 + 0x15204)
#1 0x00007fcd5925afa3 nftnl_rule_nlmsg_build_payload (libnftnl.so.11 + 0xffa3)
#2 0x000056340c7bdc2c nft_action (xtables-nft-multi + 0x11c2c)
#3 0x000056340c7b7436 xtables_restore_parse_line (xtables-nft-multi + 0xb436)
#4 0x000056340c7b7936 xtables_restore_parse (xtables-nft-multi + 0xb936)
#5 0x000056340c7b7ca1 xtables_restore_main (xtables-nft-multi + 0xbca1)
#6 0x00007fcd5909ebbb __libc_start_main (libc.so.6 + 0x26bbb)
#7 0x000056340c7b512a _start (xtables-nft-multi + 0x912a)
Feb 11 16:03:42 debian systemd[1]: systemd-coredump at 0-546-0.service: Succeeded.
root at debian:~# uname -a
Linux debian 5.4.0-3-amd64 #1 SMP Debian 5.4.13-1 (2020-01-19) x86_64 GNU/Linux
More information about the pkg-netfilter-team
mailing list