Hi,

On Tue, Aug 23, 2016 at 06:51:32PM +0200, Mikaël Fourrier wrote:
> Hi,
>
> When I add an element in a set (same with maps) and the set already contains
> the element, the command fails with an error. Worse: I try to add multiple
> elements and at least one of these elements is already in the set, the
> command fails without adding any element. Why do you use this semantic? It
> would be more ergonomic if you could just add elements in a set without
> checking its content.

Just sent a patchset to address this.

Two for kernel:

http://patchwork.ozlabs.org/patch/662322/
http://patchwork.ozlabs.org/patch/662323/

Four for userspace (include two tests).

http://patchwork.ozlabs.org/patch/662333/
http://patchwork.ozlabs.org/patch/662331/
http://patchwork.ozlabs.org/patch/662332/
http://patchwork.ozlabs.org/patch/662330/

    # nft add set inet filter myset { type ipv4_addr\; }
    # nft add element inet filter myset { 0.0.0.0 }
    # nft add element inet filter myset { 0.0.0.0 }
    # nft create element inet filter myset { 0.0.0.0 }
    <cmdline>:1:1-45: Error: Could not process rule: File exists
    create element inet filter myset { 0.0.0.0 }
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The 'create' command complains if the element exists, the 'add'
command returns success if it already exists.

This basically provides the same semantics that we have already in
other objects.