[Bug 1144] set add always returns false or otherwise ends evaluation

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat Apr 15 16:09:28 CEST 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1144

Liping Zhang <zlpnobody at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zlpnobody at gmail.com

--- Comment #1 from Liping Zhang <zlpnobody at gmail.com> ---
(In reply to Robert White from comment #0)
> In the following example the counters should both equal at least 2 but the
> one predicated on the add is zero.
Can you try this patch?

diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 049ad2d..4ce82f8 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -93,7 +93,7 @@ static void nft_dynset_eval(const struct nft_expr *expr,
                return;
        }
 out:
-       if (!priv->invert)
+       if (priv->invert)
                regs->verdict.code = NFT_BREAK;
 }
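Review bot: the flipped test at `out:` applies to every path that reaches the label, not only the add case from comment #0, so with `if (priv->invert)` a non-inverted rule no longer gets `NFT_BREAK` on any of them. The visible context shows only a `return;` ahead of the label, so this hunk does not show which outcomes jump to `out:`; if genuine failure paths also land there, a non-inverted rule would now continue evaluating after a failure. Consider handling the case from the report separately before the label and leaving the existing handling at `out:` as it was, and add a changelog line saying which outcome `out:` represents and why the verdict differs between inverted and non-inverted rules.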


> ASIDE: In my humble opinion the target2 set should be empty, as update
> shouldn't add elements, only update them if they are present; but the
> notation in the wiki regarding the only difference between add and update
> being the treatment of the timeouts implies that the set update is working
> correctly or otherwise always returns true.

Actually, "add" and "update" will both add new elements. The biggest difference
between them is that "update" will refresh the timeout of the element, but
"add" will not.
