[Bug 1144] New: set add always returns false or otherwise ends evaluation

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Apr 7 13:02:31 CEST 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1144

            Bug ID: 1144
           Summary: set add always returns false or otherwise ends
                    evaluation
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: rwhite at pobox.com

In the following example the counters should both equal at least 2 but the one
predicated on the add is zero.

ASIDE: In my humble opinion the target2 set should be empty, as update
shouldn't add elements, only update them if they are present; but the notation
in the wiki regarding the only difference between add and update being the
treatment of the timeouts implies that the set update is working correctly or
otherwise always returns true.


table ip example {
    set target1 {
        type ipv4_addr
        flags timeout
        elements = { 8.8.8.8 expires 23h59m53s, 192.168.100.1 expires 23h59m52s}
    }

    set target2 {
        type ipv4_addr
        flags timeout
        elements = { 192.168.100.1 expires 23h59m59s, 8.8.8.8 expires 23h59m53s}
    }

    chain output {
        type filter hook output priority 0; policy accept;
        ct state new counter packets 95 bytes 5702
        ct state new set add ip daddr timeout 1d @target1 counter packets 0 bytes 0
        ct state new set update ip daddr timeout 1d @target2 counter packets 95 bytes 5702
    }
}
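
One way to spot the symptom reported above in a saved ruleset listing, as an added example that is not part of the original report or of nftables: it flags a "set add" or "set update" rule whose counter is zero while a plain counter rule with the same match in the same chain has counted packets. The function name, the regular expressions and the sample listing (the report's output chain with its wrapped lines joined) are constructed for illustration, and the check is a heuristic over counters only.

```python
import re
from collections import defaultdict

# Constructed sample: the "output" chain from the report, wrapped lines joined.
SAMPLE = """\
chain output {
    type filter hook output priority 0; policy accept;
    ct state new counter packets 95 bytes 5702
    ct state new set add ip daddr timeout 1d @target1 counter packets 0 bytes 0
    ct state new set update ip daddr timeout 1d @target2 counter packets 95 bytes 5702
}
"""

CHAIN = re.compile(r"^\s*chain (\S+) \{")
# <match> [set add|update ... @<set>] counter packets N bytes M
RULE = re.compile(
    r"^\s*(?P<match>.*?)\s*"
    r"(?:set (?P<op>add|update) .*?@(?P<set>\S+)\s+)?"
    r"counter packets (?P<pkts>\d+) bytes \d+\s*$"
)

def suspicious_set_rules(listing):
    """Return (chain, set, op) for set add/update rules that counted nothing
    although a plain counter rule with the same match saw packets."""
    baseline = defaultdict(int)  # (chain, match) -> packets on plain counter rule
    dynset = []                  # (chain, match, set, op, packets)
    chain = None
    for line in listing.splitlines():
        c = CHAIN.match(line)
        if c:
            chain = c[1]
            continue
        m = RULE.match(line)
        if not m:
            continue  # chain header options, closing braces, rules without counters
        key, pkts = (chain, m["match"]), int(m["pkts"])
        if m["op"]:
            dynset.append((chain, m["match"], m["set"], m["op"], pkts))
        else:
            baseline[key] = max(baseline[key], pkts)
    return [(ch, s, op) for ch, match, s, op, pkts in dynset
            if pkts == 0 and baseline.get((ch, match), 0) > 0]

if __name__ == "__main__":
    for ch, s, op in suspicious_set_rules(SAMPLE):
        print(f"chain {ch}: 'set {op} ... @{s}' counted 0 packets")
```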
