On Wed, 5 Jan 2022 14:19:54 +0100
Florian Westphal <fw@xxxxxxxxx> wrote:
> This is needed in case a new transaction is made that doesn't insert any
> new elements into an already existing set.
>
> Else, after second 'nft -f ruleset.txt', lookups in such a set will fail
> because ->lookup() encounters raw_cpu_ptr(m->scratch) == NULL.
>
> For the initial rule load, insertion of elements takes care of the
> allocation, but for rule reloads this isn't guaranteed: we might not
> have additions to the set.
>
> Fixes: 3c4287f62044a90e ("nf_tables: Add set type for arbitrary concatenation of ranges")
> Reported-by: etkaar <lists.netfilter.org@xxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Reviewed-by: Stefano Brivio <sbrivio@xxxxxxxxxx>
--
Stefano
