[Bug 1114] set: Can't add elements after flushing a full set with size description

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Jan 23 14:45:50 CET 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1114

--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Elise Lennion from comment #2)
> I had this patch applied and the problem still persists here.
> 
> The behaviour looks like the number of elements in a set isn't decreased
> after flushing a set, even when all elements are different:
> 
> $ sudo nft add table x
> $ sudo nft add set x s {type ipv4_addr\; size 2\;}
> $ sudo nft add element x s {1.1.1.1}
> $ sudo nft flush set x s
> $ sudo nft add element x s {1.1.1.2}
> $ sudo nft add element x s {1.1.1.3}
> 
> <cmdline>:1:1-26: Error: Could not process rule: Too many open files in
> system
> add element x s {1.1.1.3}
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> If I delete the elements using 'delete' then it works as expected:
> 
> $ sudo nft add table x
> $ sudo nft add set x s {type ipv4_addr\; size 2\;}
> $ sudo nft add element x s {1.1.1.1}
> $ sudo nft delete element x s {1.1.1.1}
> $ sudo nft add element x s {1.1.1.2}
> $ sudo nft add element x s {1.1.1.3}
> No error
> 
> I tracked the number of elements in the set when removing both by 'delete'
> and by 'flush', and the behaviour in nf_tables_commit() is the same: with
> both commands the number of elements is as expected.
> 
> However, the command 'flush' decreases 'set->nelems' but doesn't make room
> for new elements; I don't know what's wrong.

OK, flushing is a different problem, although related, yes.

http://patchwork.ozlabs.org/patch/717652/
http://patchwork.ozlabs.org/patch/717653/

You need these two patches to fix the set flush scenario.
