Package: nftables
Version: 0.9.8-3.1+deb11u2

Package: libnftables1
Version: 0.9.8-3.1+deb11u2

Since the upgrade of nftables/libnftables1 from 0.9.8-3.1+deb11u1 ->
0.9.8-3.1+deb11u2, nftables segfaults with these simple rules:

$ cat /etc/nftables.conf
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
      chain input {
            type filter hook input priority 0;
      }
      chain forward {
            type filter hook forward priority 0;
      }
      chain output {
            type filter hook output priority 0;
      }
}
include "/etc/nftables.conf.d/*.conf"

$ cat /etc/nftables.conf.d/test.conf
table inet filter {
  set test {
    type ipv4_addr
    flags interval
    elements = { 1.2.3.4/32 }
  }
}

# systemctl start nftables -> segfault
# nft -cf /etc/nftables.conf -> segfault

There is no segfault with the 0.9.8-3.1+deb11u1 version, only with the
0.9.8-3.1+deb11u2 version.

If I move the test set into nftables.conf, there is no problem.
The segfault only occurs with the set declared inside an included file.

I'm using a fresh bullseye install, fully up to date.

Best regards
