When using 'ipset test' against a 'nomatch' entry in a 'net:hash' set, I get a kernel error of "Directory not empty". This is using linux-3.7.5 with ipset-6.16. A quick demonstration may be clearer than a verbose description. This shows creation of a net:hash ipset which works fine, except that'ipset test' against a 'nomatch' entry results in an error. What am I doing wrong? ------------------------------------------------------------------------ ~ # ipset create tester hash:net ~ # ipset add tester 192.168.0.0/24 ~ # ipset add tester 192.168.128.0/23 ~ # ipset list tester Name: tester Type: hash:net Revision: 2 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8572 References: 0 Members: 192.168.0.0/24 192.168.128.0/23 ~ # ipset test tester 192.168.129.1 192.168.129.1 is in set tester. ~ # ipset add tester 192.168.129.1 nomatch ~ # ipset list tester Name: tester Type: hash:net Revision: 2 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8604 References: 0 Members: 192.168.129.1 nomatch 192.168.0.0/24 192.168.128.0/23 ~ # ipset test tester 192.168.129.1 ipset v6.16: Kernel error received: Directory not empty ~ # ipset test tester 192.168.129.2 192.168.129.2 is in set tester. ~ # ipset test tester 10.100.200.1 10.100.200.1 is NOT in set tester. ~ # ipset test tester 192.168.129.1 ipset v6.16: Kernel error received: Directory not empty ~ # ipset test tester 192.168.129.1 192.168.129.1 is NOT in set tester. ~ # ipset add tester 192.168.129.1/32 nomatch ~ # ipset test tester 192.168.129.1 ipset v6.16: Kernel error received: Directory not empty ------------------------------------------------------------- -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
