On Tue, Sep 22, 2015 at 09:41:12PM +0300, littlesmilingcloud@xxxxxxxxx wrote: > Hello. > > I have try to add the subnet element to the named set, and nft has closed unexpectly. > I use the 4.2 stable kernel and latest stable release of libnftnl and nftables from git. > > Reproduce of the strange behaviour. > -------------------------------------------------------------------------------------- > nft> list ruleset; > nft> add table ip filter; > nft> add set ip filter addr_list { type ipv4_addr; } This should be instead: nft> add set ip filter addr_list { type ipv4_addr; flags interval; } > nft> add element ip filter addr_list { 192.168.1.1 } > nft> add element ip filter addr_list { 192.168.10.0/24 } > BUG: invalid data expression type prefix > nft: netlink.c:326: netlink_gen_data: Assertion `0' failed. We should be showing a better error on this, so the user knows the set was not defined to have intervals. Anyway, even after the missing flags there on top, you'll hit another EEXIST bug that we currently have in the kernel. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html