Based on analysis in https://github.com/istio/istio/issues/58492
It is possible that this patch is missing from stable https://git.netfilter.org/nftables/commit/?id=be737a1986bfee0ddea4bee7863dca0123a2bcbc (either ops check, or both ops and !ops->parse_udata checks) Should we ship that as a stable update? Note trying to propose the same fix for Ubuntu as well in https://bugs.launchpad.net/ubuntu/noble/+source/nftables/+bug/2142552 Regards, Dimitri.
