<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - set add always returns false or otherwise ends evaluation"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1144">1144</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>set add always returns false or otherwise ends evaluation
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86_64
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>kernel
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rwhite@pobox.com
</td>
</tr></table>
<p>
<div>
<pre>In the following example the counters should both equal at least 2 but the one
predicated on the add is zero.
ASIDE: In my humble opinion the target2 set should be empty, as update
shouldn't add elements, only update them if they are present; but the notation
in the wiki regarding the only difference between add and update being the
treatment of the timeouts implies that the set update is working correctly or
otherwise always returns true.
table ip example {
set target1 {
type ipv4_addr
flags timeout
elements = { 8.8.8.8 expires 23h59m53s, 192.168.100.1 expires
23h59m52s}
}
set target2 {
type ipv4_addr
flags timeout
elements = { 192.168.100.1 expires 23h59m59s, 8.8.8.8 expires
23h59m53s}
}
chain output {
type filter hook output priority 0; policy accept;
ct state new counter packets 95 bytes 5702
ct state new set add ip daddr timeout 1d @target1 counter packets 0
bytes 0
ct state new set update ip daddr timeout 1d @target2 counter packets 95
bytes 5702
}
}</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>