Package: nftables
Version: 0.9.2-2
Severity: normal

Dear Maintainer,

nft crashes with "Memory allocation failure", when using synproxy.

A simple test with the example from http://patchwork.ozlabs.org/patch/1120688/

root@buster:/home/user# cat > x
table ip x {
        chain y {
                type filter hook prerouting priority raw; policy accept;
                tcp flags syn notrack
        }

        chain z {
                type filter hook input priority filter; policy accept;
                ct state { invalid, untracked } synproxy mss 1460 wscale 7 timestamp sack-perm
                ct state invalid drop
        }
}
root@buster:/home/user# nft -f x
netlink.c:93: Memory allocation failure
root@buster:/home/user#

When I comment the synproxy statement, nft doesn't crash.

I'm using Debian stable (buster), with only nftables from testing.
nftables from buster-backports is crashing the same way.

-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (500, 'stable'), (50, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  dpkg          1.19.7
ii  libc6         2.28-10
ii  libnftables1  0.9.2-2
ii  libreadline8  8.0-3

nftables recommends no packages.

Versions of packages nftables suggests:
pn  firewalld  <none>

-- no debconf information