[Bug 843] New: ipset swap doesn't behave as expected

Tue Aug 13 02:41:06 CEST 2013


           Summary: ipset swap doesn't behave as expected
The ipset man page says the following:

              Swap  the  content  of  two  sets, or in another words, exchange
the name of two sets. The referred sets must
              exist and identical type of sets can be swapped only.

Actually, ipset is more flexible and allows some compatible set types to be
swapped, e.g. a hash:ip,port and a hash:net,port can be swapped.

It might be worth changing the man page to change "identical type" to
"compatible types".

However, the following, which on the face of it appears reasonable, fails:
# ipset create foo hash:ip
# ipset create bar bitmap:ip range
# ipset swap foo bar
ipset v6.19: The sets cannot be swapped: they type does not match.
(note there is a typo here too, "they" should be "their", and it should really
read "their types do not match")

Finally, the following succeeds, which doesn't seem to make sense (but see
# ipset create foo hash:ip family inet
# ipset create foo6 hash:ip family inet6
# ipset swap foo foo6

especially since foo and foo6 can already be referenced by iptables/ip6tables

