git.ipfire.org Git - thirdparty/nftables.git/commit
evaluate: tunnel: don't assume src is set
author Florian Westphal <fw@strlen.de>
Thu, 16 Oct 2025 14:59:33 +0000 (16:59 +0200)
committer Florian Westphal <fw@strlen.de>
Fri, 17 Oct 2025 07:40:55 +0000 (09:40 +0200)
commit f9047c1f1a4e5841785a39049d47bba4bfdb592b
tree 35890f2ee36e7bc8d6780846e9a7f503a6e1ed65
parent 2ac4d1c73907451eb4c092c342c389f8d7aa6790

Included bogon crashes, after fix:

empty_geneve_definition_crash:2:9-16: Error: Could not process rule: Invalid argument

Since this feature is undocumented (hint, hint) I don't know
if there are cases where ip daddr can be elided.

If not, a followup patch should reject empty dst upfront
so users get a more verbose error message.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>
src/evaluate.c
tests/shell/testcases/bogons/nft-f/empty_geneve_definition_crash [new file with mode: 0644]