bugzilla-daemon at netfilter.org
2018-Nov-28 09:27 UTC
[Bug 1304] New: issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304
Bug ID: 1304
Summary: issue with interval sets
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: arturo at debian.org
Original bug report: https://bugs.debian.org/914706
nft version: 0.9.0
kernel version: 4.18
Not sure if already fixed. If so, please add link to concrete commit.
root at xmachine1:/home/user/testcase# nft add element filter S1 { 10.6.0.0/28 }
root at xmachine1:/home/user/testcase# nft list set filter S1
table ip filter {
set S1 {
type ipv4_addr
flags interval
elements = { 10.5.0.20/31, 10.6.0.0/28 }
}
}
root at xmachine1:/home/user/testcase# nft delete element filter S1 {
10.5.0.20/31
}
root at xmachine1:/home/user/testcase# nft list set filter S1
table ip filter {
set S1 {
type ipv4_addr
flags interval
elements = { 10.6.0.0/28 }
}
}
root at xmachine1:/home/user/testcase# nft delete element filter S1 {
10.6.0.0/28
}
Error: Could not process rule: No such file or directory
delete element filter S1 { 10.6.0.0/28 }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
root at xmachine1:/home/user/testcase#
root at xmachine1:/home/user/testcase#
root at xmachine1:/home/user/testcase# nft add element filter S1 { 10.7.0.0/28 }
root at xmachine1:/home/user/testcase# nft delete element filter S1 {
10.6.0.0/28
}
root at xmachine1:/home/user/testcase# nft list set filter S1
table ip filter {
set S1 {
type ipv4_addr
flags interval
elements = { 10.7.0.0/28 }
}
}
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181128/3331a7f4/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jul-22 11:17 UTC
[Bug 1304] issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
This works here with: Linux kernel 5.8.0 and nftables 0.9.6
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200722/66068790/attachment-0001.html>
bugzilla-daemon at netfilter.org
2020-Aug-28 18:36 UTC
[Bug 1304] issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
I think this one is fixing the issue:
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Mar 6 00:51:03 2019 +0100
segtree: add missing non-matching segment to set in flat representation
# cat test.nft
add set x y { type ipv4_addr; }
add element x y { 10.0.24.0/24 }
# nft -f test.nft
# nft delete element x y { 10.0.24.0/24 }
bogusly returns -ENOENT. The non-matching segment (0.0.0.0 with end-flag
set on) is not added to the set in the example above.
This patch also adds a test to cover this case.
Closing this, as this work here with current nftables versions.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200828/81946ce2/attachment.html>
bugzilla-daemon at netfilter.org
2020-Sep-22 00:31 UTC
[Bug 1304] issue with interval sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1304
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200922/f2341183/attachment.html>
Apparently Analagous Threads
- [Bug 1352] New: After adding map type ipv4_addr : counter it behaves as a set
- [Bug 994] New: Named sets with type "ipv4_addr" do not allow adding CIDR elements
- [Bug 1734] New: nft set with auto-merge json import/export
- [Bug 1180] New: Can't create a set with both timeout and interval flags at the same time
- [Bug 1736] New: nftables - dynamic update for verdict map from the packet path