So adding the same element doesn't trigger any error:
# nft add element filter bogons { 3.3.3.123/24 }
# nft add element filter bogons { 3.3.3.123/24 }
Still kernel reports an error if we use create instead:
# nft create element filter bogons { 3.3.3.123/24 }
<cmdline>:1:1-46: Error: Could not process rule: File exists
create element filter bogons { 3.3.3.123/24 }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/segtree.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/segtree.c b/src/segtree.c
index 45e5f5b22e2e..5b6cdd1d770d 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -336,6 +336,10 @@ static unsigned int expr_to_intervals(const struct expr *set,
static bool interval_overlap(const struct elementary_interval *e1,
const struct elementary_interval *e2)
{
+ if (mpz_cmp(e1->left, e2->left) == 0 &&
+ mpz_cmp(e1->right, e2->right) == 0)
+ return false;
+
return (mpz_cmp(e1->left, e2->left) >= 0 &&
mpz_cmp(e1->left, e2->right) <= 0) ||
(mpz_cmp(e1->right, e2->left) >= 0 &&
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
