[Bug 1144] set add always returns false or otherwise ends evaluation
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Sat Apr 15 16:09:28 CEST 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1144
Liping Zhang <zlpnobody at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zlpnobody at gmail.com
--- Comment #1 from Liping Zhang <zlpnobody at gmail.com> ---
(In reply to Robert White from comment #0)
> In the following example the counters should both equal at least 2 but the
> one predicated on the add is zero.
Can you try this patch?
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 049ad2d..4ce82f8 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -93,7 +93,7 @@ static void nft_dynset_eval(const struct nft_expr *expr,
return;
}
out:
- if (!priv->invert)
+ if (priv->invert)
regs->verdict.code = NFT_BREAK;
}
> ASIDE: In my humble opinion the target2 set should be empty, as update
> shouldn't add elements, only update them if they are present; but the
> notation in the wiki regarding the only difference between add and update
> being the treatment of the timeouts implies that the set update is working
> correctly or otherwise always returns true.
Actually, "add" and "update" will both add new elements. The biggest difference
between them is that "update" will refresh the timeout of the element, but
"add" will not.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170415/57daa2a9/attachment.html>
More information about the netfilter-buglog
mailing list