Re: nftables: Internal error when checking rules


 



On Sun, Mar 26, 2023 at 07:17:48PM +0300, Serg wrote:
> Eric, thank you a lot! Your suggestion solved my issue.
> 
> For anyone interested, I will describe this situation in more detail.
> 
> My nftables configuration consists of the main file (basically, it contains
> all the logic and then includes child files, each of which contains only a
> single set). Set-files are written as follows:
> table netdev filter {
> 	set mySet {
> 		typeof ip saddr
> 		flags interval
> 		elements = { lots-of-entries-here, ...,
>                              i-had-913-entries-when-problem-happened }
> 	}
> }
> 
> As was mentioned by Eric, to work around this issue all you need is to
> create "smaller 'add' pieces". Given that, the set-files will look like
> this:
> add element netdev filter mySet { lots-of-entries-here }
> ...
> add element netdev filter mySet { i-had-913-entries-when-problem-happened }
> 
> Also you might want to add this line at the beginning of the file to ensure
> your set is clean of removed entries (i.e. after the set file was
> regenerated by a 3rd-party script):
> flush set netdev filter mySet

You do not have to split your elements into individual commands.

Could you post some example reproducer? It would also be good to try
with the latest nftables version.
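The layout Serg describes (a `flush set` followed by chunked `add element` commands, regenerated by a script) as an added shell example; it is not code from the thread or from the nftables project. The table name `netdev filter`, the set name `mySet` and the 913-entry figure come from the quoted mail; the chunk size, the generator and function names, and the constructed 10.x.y.1 input list are assumptions. Whether the split is actually needed is the open question in the reply above; the script only shows how to produce that form reproducibly.

```shell
#!/bin/sh
# Added example (not from the thread): generate an nftables set file in the
# chunked "add element" form, with a leading "flush set" so entries dropped
# from the source list disappear on the next reload.
# Table/set names follow the thread; CHUNK and all function names are assumed.

TABLE="netdev filter"
SET="mySet"
CHUNK=200   # elements per "add element" command (assumed size)

# Read one address or prefix per line on stdin (blank lines and '#' comments
# ignored) and write the set file to stdout.
gen_setfile() {
    printf 'flush set %s %s\n' "$TABLE" "$SET"
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' \
    | awk -v table="$TABLE" -v set="$SET" -v chunk="$CHUNK" '
        { buf = (n ? buf ", " : "") $1; n++ }
        n == chunk {
            printf "add element %s %s { %s }\n", table, set, buf
            buf = ""; n = 0
        }
        END { if (n) printf "add element %s %s { %s }\n", table, set, buf }
    '
}

# Constructed sample input: 913 distinct host addresses, matching the entry
# count in the thread (10.0.0.1 .. 10.3.144.1).
sample_entries() {
    i=0
    while [ "$i" -lt 913 ]; do
        printf '10.%d.%d.1\n' $((i / 256)) $((i % 256))
        i=$((i + 1))
    done
}

# Number of "add element" commands produced for the input on stdin.
count_add_cmds() {
    gen_setfile | grep -c '^add element '
}

# Number of elements carried by the generated file on stdin.
count_elements() {
    tr ',' '\n' | grep -c '10\.'
}

# Typical use (assumed paths):
#   sample_entries | gen_setfile > /etc/nftables.d/mySet.nft
#   nft -c -f /etc/nftables.d/mySet.nft    # syntax check without committing
```

Because `flush set` and `add element` refer to an existing set, the main file must create the table and set (the declaration from the thread minus its `elements` list) before the `include` of the generated file; in a single `nft -f` run the declaration earlier in the same transaction is enough.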


