[pkg-netfilter-team] Bug#1067161: nftables: BUG: invalid mapping expression variable
Daniel Gröber
dxld at darkboxed.org
Tue Mar 19 15:00:28 GMT 2024
Package: nftables
Version: 1.0.6-2+deb12u2
Severity: normal
Dear Maintainer,
The nftables config below triggers a BUG.
$ nft -f /etc/nftables.conf
BUG: invalid mapping expression variable
nft: evaluate.c:1797: expr_evaluate_map: Assertion `0' failed.
Aborted
Refactoring to use $srvaddr_map instead of having the anonymous map
inline made the bug trigger.
Thanks,
--Daniel
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldoldstable-updates'), (500, 'oldoldstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-18-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages nftables depends on:
ii libc6 2.36-9+deb12u4
ii libedit2 3.1-20221030-2
ii libnftables1 1.0.6-2+deb12u2
Versions of packages nftables recommends:
ii netbase 6.4
Versions of packages nftables suggests:
pn firewalld <none>
-- Configuration Files:
/etc/nftables.conf changed:
flush ruleset
define iid_mask6 = ::ffff:ffff:ffff:ffff
define srvaddr_map = { ::8384 : 8384 }
table inet filter {
    chain input {
        type filter hook input priority filter;
    }
    chain prerouting {
        type nat hook prerouting priority dstnat;
        ip6 nexthdr tcp redirect to ip6 daddr & $iid_mask6 map $srvaddr_map # s/ map.*/{ ::8384 : 8384 }/ works
    }
    chain forward {
        type filter hook forward priority filter;
    }
    chain output {
        type filter hook output priority filter;
    }
}
-- no debconf information