(In reply to Kristyna Streitova from comment #5) > (In reply to Fabian Vogt from comment #1) > > @kstreitova: This was actually handled wrongly in iptables itself, a missing > > memset(&info, 0, sizeof(info)); in libiptc.c caused it to read garbage. It > > would be nice > > to have that fixed as well, even if it's ultimately a kernel bug. > > Could you be a little bit more specific, please? Or even better, can you > provide a patch if you've already identified where the problem lies? Thanks! Sure: diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index a6e70571..8c03ab42 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -1303,6 +1303,7 @@ TC_INIT(const char *tablename) { struct xtc_handle *h; STRUCT_GETINFO info; + memset(&info, 0, sizeof(info)); unsigned int tmp; socklen_t s; int sockfd; Without this, iptables -L reads garbage from the struct as the kernel never filled it in the bugged case, leading to weird issues like mmapping a few TiB of memory.