On Wed, 26 Feb 2020 12:10:56 +0100
Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:

> On Wed, Feb 26, 2020 at 11:59:24AM +0100, Stefano Brivio wrote:
> [...]
> > One detail, unrelated to this patch, that I should probably document in
> > man pages and Wiki (I forgot, it occurred to me while testing): it is
> > allowed to insert an entry if a proper subset of it, with no
> > overlapping bounds, is already inserted. The reverse sequence is not
> > allowed. This can be used without ambiguity due to strict guarantees
> > about ordering. That is:
> >
> > # nft add element t s '{ 1.0.0.20-1.0.0.21 . 3.3.3.3 }'
> > # nft add element t s '{ 1.0.0.10-1.0.0.100 . 3.3.3.3 }'
>
> OK, so first element "shadows" the second one. And the first element
> will match in case that address is 1.0.0.20 and 10.0.0.21. Right?

Correct.

> Your patch looks good to me, BTW.

Thanks for checking! Let me know how to proceed.

-- 
Stefano
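
A simplified Python model of the insertion and lookup ordering described in this message, added here as an illustration; it is not code from the patch or from nftables. The class `ConcatRangeSet`, its method names, and the bound check used to refuse an insert are assumptions made for the model.

```python
import ipaddress


def _ip(text):
    return int(ipaddress.IPv4Address(text.strip()))


def parse(entry):
    """'1.0.0.20-1.0.0.21 . 3.3.3.3' -> ((lo, hi), (lo, hi)), one pair per field."""
    fields = []
    for field in entry.split(" . "):
        lo, _, hi = field.partition("-")
        fields.append((_ip(lo), _ip(hi or lo)))
    return tuple(fields)


class ConcatRangeSet:
    """Hypothetical model of a set of concatenated ranges (not the kernel code)."""

    def __init__(self):
        self.entries = []  # kept in insertion order, which is also lookup order

    def _first_match(self, key):
        for index, entry in enumerate(self.entries):
            if all(lo <= k <= hi for k, (lo, hi) in zip(key, entry)):
                return index
        return None

    def add(self, entry):
        new = parse(entry)
        start = tuple(lo for lo, _ in new)
        end = tuple(hi for _, hi in new)
        # Assumption of this model: the insert is refused when either bound of
        # the new entry already matches an existing entry. A wider entry whose
        # bounds lie outside an existing narrower one is therefore accepted,
        # while the reverse sequence (narrow after wide) is refused.
        if self._first_match(start) is not None or self._first_match(end) is not None:
            return False
        self.entries.append(new)
        return True

    def lookup(self, key):
        """Return the insertion index of the entry that matches, or None."""
        return self._first_match(tuple(_ip(k) for k in key.split(" . ")))
```

With the two elements from the message added in the order shown, a lookup for `1.0.0.20 . 3.3.3.3` returns index 0 (the narrower entry), which is the shadowing that matters when the two entries would carry different verdicts.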