The -A flag in the firewall causes it to crash according to Juhani. Apparenently this occurs after the merging of the libnetfilter-queue.
It is unclear to me whether this bug is related (or even a duplicate of) to the other libnetfilter bug (lp:1221361) or not. That is, does the bug occur only with LSI interaction?
info(hipfw/hipfw.c:921@filter_hip): received packet type: UPDATE
info(hipfw/hipfw.c:943@filter_hip): src hit: 2001:0014:afbd:9bd9:352b:7e07:30d6:ed2c
info(hipfw/hipfw.c:944@filter_hip): dst hit: 2001:001a:2a72:f01c:d98e:311c:c76a:57c4
info(hipfw/hipfw.c:945@filter_hip): src ip: 130.233.42.5
info(hipfw/hipfw.c:946@filter_hip): dst ip: 193.167.187.149
debug(hipfw/hipfw.c:1051@filter_hip): falling back to default HIP/ESP behavior, target 1
debug(hipfw/conntrack.c:2059@get_tuple_by_hits): connection found,
debug(hipfw/conntrack.c:1736@check_packet): check packet: type 16
debug(hipfw/conntrack.c:591@find_esp_tuple): Esp tuple slist is empty
debug(hipfw/conntrack.c:1458@handle_first_update): existing ESP state does not include current SPI, re-establishing connection state
debug(hipfw/conntrack.c:802@remove_connection): tuple list before:
debug(hipfw/conntrack.c:184@print_tuple_list): TUPLE LIST:
debug(hipfw/conntrack.c:140@print_tuple): next tuple:
debug(hipfw/conntrack.c:141@print_tuple): direction: 0
debug(hipfw/conntrack.c:142@print_tuple): src: : 2001:001a:2a72:f01c:d98e:311c:c76a:57c4
debug(hipfw/conntrack.c:143@print_tuple): dst: : 2001:0014:afbd:9bd9:352b:7e07:30d6:ed2c
debug(hipfw/conntrack.c:140@print_tuple): next tuple:
debug(hipfw/conntrack.c:141@print_tuple): direction: 1
debug(hipfw/conntrack.c:142@print_tuple): src: : 2001:0014:afbd:9bd9:352b:7e07:30d6:ed2c
debug(hipfw/conntrack.c:143@print_tuple): dst: : 2001:001a:2a72:f01c:d98e:311c:c76a:57c4
debug(hipfw/conntrack.c:192@print_tuple_list):
debug(hipfw/conntrack.c:805@remove_connection): esp list before:
debug(hipfw/conntrack.c:167@print_esp_list): ESP LIST:
debug(hipfw/conntrack.c:155@print_esp_tuple): esp_tuple: spi:0xd89a0569 spi_update_id: 0 tuple dir:1
debug(hipfw/conntrack.c:121@print_esp_addresses): ESP dst addr list:
debug(hipfw/conntrack.c:124@print_esp_addresses): dst address: : 193.167.187.149
debug(hipfw/conntrack.c:130@print_esp_addresses):
Program received signal SIGSEGV, Segmentation fault.
print_esp_list () at hipfw/conntrack.c:169
169 if (list->data) {
(gdb)
Did you have some ACL rules configured for the firewall?