[Bug 1509] New: Long type concatenations in sets are not reflected by the output of list ruleset

Sat Mar 6 12:56:29 CET 2021

https://bugzilla.netfilter.org/show_bug.cgi?id=1509

            Bug ID: 1509
           Summary: Long type concatenations in sets are not reflected by
                    the output of list ruleset
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

Created attachment 625
  --> https://bugzilla.netfilter.org/attachment.cgi?id=625&action=edit
nft-set-long-type-bug script (bash)

The attached script produces the following output for the system on which I am
testing.

1: ipv4_addr
2: ipv4_addr . ipv4_addr
3: ipv4_addr . ipv4_addr . ipv4_addr
4: ipv4_addr . ipv4_addr . ipv4_addr . ipv4_addr
5: ipv4_addr . ipv4_addr . ipv4_addr . ipv4_addr . ipv4_addr
6: bitmask . ipv4_addr . ipv4_addr . ipv4_addr . ipv4_addr . ipv4_addr
7: bitmask . ipv4_addr . ipv4_addr . ipv4_addr . ipv4_addr . ipv4_addr

For each iteration, nft accepts its input without complaint. However, the
output of "list ruleset" ceased to match the input after the 5th iteration.
After the 6th iteration, the output doesn't appear to change at all.

This particular test was conducted using nftables-0.9.8, libnftnl-1.1.9 and a
5.10.4 kernel.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20210306/93c044cd/attachment.html>