On Wed, 26 Feb 2020 12:39:26 +0100
Stefano Brivio <sbrivio@xxxxxxxxxx> wrote:
> On Wed, 26 Feb 2020 12:34:43 +0100
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> > I mean, to catch elements that represents subsets/supersets of another
> > element (like in this example above), pipapo would need to make a
> > lookup for already matching rules for this new element?
>
> Right, and that's what those two pipapo_get() calls in
> nft_pipapo_insert() do.
Specifically, on re-reading your question: those find sets including
the subset that we would be about to insert, and forbid the insertion.
But, given an already existing proper subset with none of the bounds
overlapping ("more specific entry", by any measure), they won't return
it, so insertion can proceed.
--
Stefano
