Phil reports that inserting an element, that includes a concatenated range colliding with an existing one, fails silently. This is because so far set back-ends have no way to tell apart cases of identical elements being inserted from clashing elements. On insertion, the front-end would strip -EEXIST if NLM_F_EXCL is not passed, so we return success to userspace while an error in fact occurred. As suggested by Pablo, allow back-ends to return -ENOTEMPTY in case of partial overlaps, with patch 1/4. Then, with patches 2/4 to 4/4, update nft_set_pipapo and nft_set_rbtree to report partial overlaps using the new error code. v2: Only consider active elements for rbtree overlap detection in patch 4/4 (Pablo Neira Ayuso) Stefano Brivio (4): nf_tables: Allow set back-ends to report partial overlaps on insertion nft_set_pipapo: Separate partial and complete overlap cases on insertion nft_set_rbtree: Introduce and use nft_rbtree_interval_start() nft_set_rbtree: Detect partial overlaps on insertion net/netfilter/nf_tables_api.c | 5 ++ net/netfilter/nft_set_pipapo.c | 34 ++++++++++--- net/netfilter/nft_set_rbtree.c | 87 ++++++++++++++++++++++++++++++---- 3 files changed, 110 insertions(+), 16 deletions(-) -- 2.25.1