bugzilla-daemon at netfilter.org
2020-Sep-23 19:40 UTC
[Bug 1470] New: [sets] improve flags combination
https://bugzilla.netfilter.org/show_bug.cgi?id=1470

Bug ID: 1470
Summary: [sets] improve flags combination
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: vtolkm at gmail.com

kernel 5.9.0-rc6 armv7l | nft 0.9.6

-----

in set this works:

flags dynamic, timeout

does not work:

flags dynamic, timeout, interval

producing:

Error: Could not process rule: Not supported

----

having looked up wiki & man there is no mentioning that flags are mutually
or otherwise exclusive and thus assumed that any given combination to work.

bugzilla-daemon at netfilter.org
2020-Dec-03 01:50 UTC
[Bug 1470] [sets] improve flags combination
https://bugzilla.netfilter.org/show_bug.cgi?id=1470

kfm at plushkava.net changed:

What   |Removed |Added
----------------------------------------------------------------------------
CC     |        |kfm at plushkava.net
Blocks |        |1461

bugzilla-daemon at netfilter.org
2020-Dec-03 14:29 UTC
[Bug 1470] [sets] improve flags combination
https://bugzilla.netfilter.org/show_bug.cgi?id=1470

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to vtolkm from comment #0)
> kernel 5.9.0-rc6 armv7l | nft 0.9.6
>
> -----
>
> in set this works:
>
> flags dynamic, timeout
>
> does not work:
>
> flags dynamic, timeout, interval

This reads as, I would like to have a set that:

- it is going to be updated from the packet path
- entries have a timeout
- entries are composed of an interval (prefix or range)

> producing:
>
> Error: Could not process rule: Not supported
>
> ----
>
> having looked up wiki & man there is no mentioning that flags are mutually
> or otherwise exclusive and thus assumed that any given combination to work.

Kernel does not support updating an interval set from the packet path,
hence the EOPNOTSUPP.

Should we document that interval and dynamic is not supported?
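
The restriction described in comment #1 can be checked before a ruleset is loaded. The following is an added example, not part of the bug thread or of nftables itself: a small pre-load check that finds set declarations combining `dynamic` and `interval`. The table name, set names and helper functions are made up for illustration, and the sample ruleset is constructed.

```python
import re

# Constructed sample ruleset (not from the bug report); all names are made up.
SAMPLE_RULESET = """
table ip filter {
    set seen_hosts {
        type ipv4_addr
        flags dynamic, timeout
        timeout 10m
    }
    set blocked_nets {
        type ipv4_addr
        flags dynamic, timeout, interval
        timeout 1h
    }
    set static_nets {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.0/24 }
    }
}
"""

# Per comment #1: the kernel cannot update an interval set from the packet path.
UNSUPPORTED = frozenset({"dynamic", "interval"})
SET_RE = re.compile(r"\bset\s+(\S+)\s*\{")
FLAGS_RE = re.compile(r"(?:^|;)\s*flags\s+([^;\n}]+)", re.MULTILINE)

def set_flags(ruleset):
    """Map each named set in the ruleset text to the flags it declares."""
    found = {}
    for m in SET_RE.finditer(ruleset):
        # Walk to the matching closing brace so nested "elements = { ... }" is skipped.
        depth, i = 1, m.end()
        while i < len(ruleset) and depth:
            depth += {"{": 1, "}": -1}.get(ruleset[i], 0)
            i += 1
        body = ruleset[m.end():i - 1]
        fm = FLAGS_RE.search(body)
        found[m.group(1)] = {f.strip() for f in fm.group(1).split(",")} if fm else set()
    return found

def unsupported_sets(ruleset):
    """Names of sets that declare both 'dynamic' and 'interval'."""
    return sorted(n for n, fl in set_flags(ruleset).items() if UNSUPPORTED <= fl)

if __name__ == "__main__":
    for name in unsupported_sets(SAMPLE_RULESET):
        print(f"set {name}: 'dynamic' with 'interval'; expect 'Not supported' on load")
```

The check reflects the behaviour reported in this thread for kernel 5.9.0-rc6 with nft 0.9.6.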