Re: [nft PATCH v2] evaluate: Accept ranges of N-N

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 05, 2019 at 02:58:47PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Jul 05, 2019 at 02:15:05PM +0200, Phil Sutter wrote:
> > Trying to add a range of size 1 was previously not allowed:
> > 
> > | # nft add element ip t s '{ 40-40 }'
> > | Error: Range has zero or negative size
> > | add element ip t s { 40-40 }
> > |                      ^^^^^
> > 
> > The error message is not correct: If a range 40-41 is of size 2 (it
> > contains elements 40 and 41), a range 40-40 must be of size 1.
> > 
> > Handling this is even supported already: If a single element is added to
> > an interval set, it is converted into just this range. The implication
> > is that on output, previous input of '40-40' is indistinguishable from
> > single element input '40'.
> 
> What kind of human is going to generate such range? :-)

According to the ticket, some scripts do. :)

> I think we can place this item in the "nft ruleset optimization"
> discussion during the NFWS.

Sure, I'll add a note to the proposal.

Thanks, Phil



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux