[Bug 1454] New: nft list set omits timeout values for intervals formatted as hyphenated ranges

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Aug 24 08:26:53 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1454

            Bug ID: 1454
           Summary: nft list set omits timeout values for intervals
                    formatted as hyphenated ranges
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Gentoo
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

Sometimes, the list set command expresses intervals as ranges rather than in
CIDR notation. I do not understand what the criteria is for doing so, exactly.
When it happens, the attached timeout values are not reported.

Here are some demonstrations, which were carried out with nftables (commit
ca2e6e0), libnftnl (commit a4db940) and Linux 5.7.16.

# nft create table t
# nft 'add set t s { type ipv4_addr; flags interval; timeout 60s; }'
# nft add element t s { 224.0.0.0/3 }
# nft list set t s | grep -o 'elements.*'
elements = { 224.0.0.0-255.255.255.255 }

Here, the list command has not shown the timeout for the element, even though
one is attached.

# nft flush set t s
# nft add element t s { 224.0.0.0/4, 240.0.0.0/4 }
# nft list set t s | grep -o 'elements.*'
elements = { 224.0.0.0/4 expires 55s152ms, 240.0.0.0-255.255.255.255 }

Here, the list command shows two elements, with the timeout missing for one of
them.

# nft delete set t s
# nft 'add set t s { type ipv4_addr; flags interval; auto-merge; timeout 60s;
}'
# nft add element t s { 224.0.0.0/4, 240.0.0.0/4 }
# nft list set t s | grep -o 'elements.*'
elements = { 224.0.0.0-255.255.255.255 }

Here, the given elements have been correctly merged but, again, the timeout is
missing.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200824/806b1386/attachment.html>


More information about the netfilter-buglog mailing list