[Bug 843] New: ipset swap doesn't behave as expected

[bugzilla-daemon at netfilter.org]

https://bugzilla.netfilter.org/show_bug.cgi?id=843

           Summary: ipset swap doesn't behave as expected
           Product: ipset
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: quentin at armitage.org.uk
   Estimated Hours: 0.0


The ipset man page says the following:

       w, swap SETNAME-FROM SETNAME-TO
              Swap  the  content  of  two  sets, or in another words, exchange
the name of two sets. The referred sets must
              exist and identical type of sets can be swapped only.

Actually, ipset is more flexible and allows some compatible set types to be
swapped, e.g. a hash:ip,port and a hash:net,port can be swapped.

It might be worth changing the man page to change "identical type" to
"compatible types".

However, the following, which on the face of it appears reasonable, fails:
# ipset create foo hash:ip
# ipset create bar bitmap:ip range 0.0.0.0/24
# ipset swap foo bar
ipset v6.19: The sets cannot be swapped: they type does not match.
(note there is a typo here too, "they" should be "their", and it should really
read "their types do not match")

Finally, the following succeeds, which doesn't seem to make sense (but see
bz#842):
# ipset create foo hash:ip family inet
# ipset create foo6 hash:ip family inet6
# ipset swap foo foo6

especially since foo and foo6 can already be referenced by iptables/ip6tables
rules.

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.