BUG: Anonymous maps with adjacent intervals broken since Linux 5.6

Hello.

BUG: Anonymous maps with adjacent intervals are broken starting with
Linux 5.6. Linux 5.5.16 is not affected.

Environment:
- Linux 5.6.3 (AMD64)
- nftables 0.9.4

Trying to apply the ruleset:

flush ruleset

table ip filter {
  chain test {
    ip daddr vmap {
        10.255.1.0-10.255.1.255: accept,
        10.255.2.0-10.255.2.255: drop
    }
  }
}

using nft results in an error on Linux 5.6.3:

# nft -f simple.nft
simple.nft:7:19-5: Error: Could not process rule: File exists
    ip daddr vmap {

The same ruleset works flawlessly using Linux 5.5.16.

Changing the ruleset to:

flush ruleset

table ip filter {
  chain test {
    ip daddr vmap {
        10.255.1.0-10.255.1.254: accept,
        10.255.2.0-10.255.2.255: drop
    }
  }
}

(non-adjacent intervals) makes the ruleset work again on Linux 5.6.3.

Reverting commit 7c84d41416d836ef7e533bd4d64ccbdf40c5ac70 from Linux
5.6.3 also fixes the problem.

Kind regards
Thorsten

-- 
___              
 |        | /                 E-Mail: linux@xxxxxxxxxxxxxxxxx 
 |horsten |/\nabe                WWW: http://linux.thorsten-knabe.de 
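
Added example, not part of the original message or of nftables: a small pre-load check that scans a ruleset for the pattern the report describes, two range elements where one ends exactly one address before the next begins. The function names are hypothetical, and the check assumes all range elements in the scanned text belong to a single map, as in the report's rulesets.

```python
import ipaddress
import re

# "A.B.C.D-E.F.G.H: verdict" elements, in the notation the report uses.
ELEMENT = re.compile(r"(\d+(?:\.\d+){3})\s*-\s*(\d+(?:\.\d+){3})\s*:\s*(\w+)")

# The two vmap bodies from the report (first fails on 5.6.3, second loads).
FAILING = """
    ip daddr vmap {
        10.255.1.0-10.255.1.255: accept,
        10.255.2.0-10.255.2.255: drop
    }
"""
WORKING = FAILING.replace("10.255.1.255", "10.255.1.254")


def parse_intervals(text):
    """Return sorted (start, end) integer pairs for every IPv4 range element.

    Assumption: all range elements in `text` belong to one map.
    """
    intervals = []
    for lo, hi, _verdict in ELEMENT.findall(text):
        start, end = int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi))
        if start > end:
            raise ValueError(f"inverted range {lo}-{hi}")
        intervals.append((start, end))
    return sorted(intervals)


def fmt(start, end):
    """Render an integer pair back into nft range notation."""
    return f"{ipaddress.IPv4Address(start)}-{ipaddress.IPv4Address(end)}"


def adjacent_pairs(text):
    """Return pairs of ranges where one ends exactly one address before the next starts."""
    ivs = parse_intervals(text)
    return [
        (fmt(s1, e1), fmt(s2, e2))
        for (s1, e1), (s2, e2) in zip(ivs, ivs[1:])
        if e1 + 1 == s2
    ]


if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, adjacent_pairs(text))
```

A non-empty result marks a ruleset worth test-loading on the target kernel before deployment, since a failed `nft -f` leaves the intended filter rules unapplied.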



