Hi Stefano,
On Sun, Mar 22, 2020 at 03:22:01AM +0100, Stefano Brivio wrote:
> ...and return -ENOTEMPTY to the front-end in this case, instead of
> proceeding. Currently, nft takes care of checking for these cases
> and not sending them to the kernel, but if we drop the set_overlap()
> call in nft we can end up in situations like:
>
> # nft add table t
> # nft add set t s '{ type inet_service ; flags interval ; }'
> # nft add element t s '{ 1 - 5 }'
> # nft add element t s '{ 6 - 10 }'
> # nft add element t s '{ 4 - 7 }'
> # nft list set t s
> table ip t {
> set s {
> type inet_service
> flags interval
> elements = { 1-3, 4-5, 6-7 }
> }
> }
>
> This change has the primary purpose of making the behaviour
> consistent with nft_set_pipapo, but is also functional to avoid
> inconsistent behaviour if userspace sends overlapping elements for
> any reason.
nftables/tests/py is reporting a regression that is related to this
patch. If I locally revert this patch here, tests/py works fine here.
Thanks.
