Hello Stefano.
On 4/11/20 9:24 AM, Stefano Brivio wrote:
> Hi Thorsten,
>
> On Fri, 10 Apr 2020 19:25:49 +0200
> Thorsten Knabe <linux@xxxxxxxxxxxxxxxxx> wrote:
>
>> Hello.
>>
>> BUG: Anonymous maps with adjacent intervals are broken starting with
>> Linux 5.6. Linux 5.5.16 is not affected.
>>
>> Environment:
>> - Linux 5.6.3 (AMD64)
>> - nftables 0.9.4
>>
>> Trying to apply the ruleset:
>>
>> flush ruleset
>>
>> table ip filter {
>> chain test {
>> ip daddr vmap {
>> 10.255.1.0-10.255.1.255: accept,
>> 10.255.2.0-10.255.2.255: drop
>> }
>> }
>> }
>>
>> using nft results in an error on Linux 5.6.3:
>>
>> # nft -f simple.nft
>> simple.nft:7:19-5: Error: Could not process rule: File exists
>> ip daddr vmap {
>
> Thanks for reporting this issue. I can't test it right now, but:
>
> commit 72239f2795fab9a58633bd0399698ff7581534a3
> Author: Stefano Brivio <sbrivio@xxxxxxxxxx>
> Date: Wed Apr 1 17:14:38 2020 +0200
>
> netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion
>
> should be the fix for this. Can you try with that?
I tried your patch 72239f2795fab9a58633bd0399698ff7581534a3 and it
indeed fixes the problem. Thank you.
Kind regards
Thorsten
--
___
| | / E-Mail: linux@xxxxxxxxxxxxxxxxx
|horsten |/\nabe WWW: http://linux.thorsten-knabe.de
