bugzilla-daemon at netfilter.org
2018-Nov-28 09:27 UTC
[Bug 1304] New: issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304 Bug ID: 1304 Summary: issue with interval sets Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: arturo at debian.org Original bug report: https://bugs.debian.org/914706 nft version: 0.9.0 kernel version: 4.18 Not sure if already fixed. If so, please add link to concrete commit. root at xmachine1:/home/user/testcase# nft add element filter S1 { 10.6.0.0/28 } root at xmachine1:/home/user/testcase# nft list set filter S1 table ip filter { set S1 { type ipv4_addr flags interval elements = { 10.5.0.20/31, 10.6.0.0/28 } } } root at xmachine1:/home/user/testcase# nft delete element filter S1 { 10.5.0.20/31 } root at xmachine1:/home/user/testcase# nft list set filter S1 table ip filter { set S1 { type ipv4_addr flags interval elements = { 10.6.0.0/28 } } } root at xmachine1:/home/user/testcase# nft delete element filter S1 { 10.6.0.0/28 } Error: Could not process rule: No such file or directory delete element filter S1 { 10.6.0.0/28 } ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ root at xmachine1:/home/user/testcase# root at xmachine1:/home/user/testcase# root at xmachine1:/home/user/testcase# nft add element filter S1 { 10.7.0.0/28 } root at xmachine1:/home/user/testcase# nft delete element filter S1 { 10.6.0.0/28 } root at xmachine1:/home/user/testcase# nft list set filter S1 table ip filter { set S1 { type ipv4_addr flags interval elements = { 10.7.0.0/28 } } } -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181128/3331a7f4/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jul-22 11:17 UTC
[Bug 1304] issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> --- This works here with: Linux kernel 5.8.0 and nftables 0.9.6 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200722/66068790/attachment-0001.html>
bugzilla-daemon at netfilter.org
2020-Aug-28 18:36 UTC
[Bug 1304] issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304 --- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> --- I think this one is fixing the issue: Author: Pablo Neira Ayuso <pablo at netfilter.org> Date: Wed Mar 6 00:51:03 2019 +0100 segtree: add missing non-matching segment to set in flat representation # cat test.nft add set x y { type ipv4_addr; } add element x y { 10.0.24.0/24 } # nft -f test.nft # nft delete element x y { 10.0.24.0/24 } bogusly returns -ENOENT. The non-matching segment (0.0.0.0 with end-flag set on) is not added to the set in the example above. This patch also adds a test to cover this case. Closing this, as this work here with current nftables versions. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200828/81946ce2/attachment.html>
bugzilla-daemon at netfilter.org
2020-Sep-22 00:31 UTC
[Bug 1304] issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200922/f2341183/attachment.html>
Apparently Analagous Threads
- [Bug 1764] New: mapping IPv4 interval to IPv4 interval works for anonymous maps, but not for named maps
- [Bug 1352] New: After adding map type ipv4_addr : counter it behaves as a set
- [Bug 994] New: Named sets with type "ipv4_addr" do not allow adding CIDR elements
- [Bug 1734] New: nft set with auto-merge json import/export
- [Bug 1180] New: Can't create a set with both timeout and interval flags at the same time