On Tue, Jul 23, 2024 at 03:30:07PM -0400, Eric Garver wrote:
> This patch fixes the failures around the index keyword. I see one more
> issue around set entries.
>
> Notably, if the set add and element add are on separate lines (and thus
> round trips to the kernel) then the issue is not seen. Perhaps there are
> more instances with other stateful objects.
>
> --->8---
>
> # cat /tmp/foo
> add table inet foo
> add set inet foo bar { type ipv4_addr; flags interval; }; add element inet foo bar { 10.1.1.1/32 }
> add element inet foo bar { 10.1.1.2/32 }
Thanks for your reproducer.
I have reverted it:
https://git.netfilter.org/nftables/commit/?id=93560d0117639c8685fc287128ab06dec9950fbd
This needs more work and tests.
