Hi Thorsten,

On Fri, 10 Apr 2020 19:25:49 +0200
Thorsten Knabe <linux@xxxxxxxxxxxxxxxxx> wrote:

> Hello.
>
> BUG: Anonymous maps with adjacent intervals are broken starting with
> Linux 5.6. Linux 5.5.16 is not affected.
>
> Environment:
> - Linux 5.6.3 (AMD64)
> - nftables 0.9.4
>
> Trying to apply the ruleset:
>
> flush ruleset
>
> table ip filter {
>   chain test {
>     ip daddr vmap {
>       10.255.1.0-10.255.1.255: accept,
>       10.255.2.0-10.255.2.255: drop
>     }
>   }
> }
>
> using nft results in an error on Linux 5.6.3:
>
> # nft -f simple.nft
> simple.nft:7:19-5: Error: Could not process rule: File exists
>     ip daddr vmap {

Thanks for reporting this issue. I can't test it right now, but:

commit 72239f2795fab9a58633bd0399698ff7581534a3
Author: Stefano Brivio <sbrivio@xxxxxxxxxx>
Date:   Wed Apr 1 17:14:38 2020 +0200

    netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion

should be the fix for this. Can you try with that?

-- 
Stefano