Re: Creating a map programmatically using the C library libnftnl

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Thu, 30 Mar 2023 22:08:48 +0200

On Thu, Mar 30, 2023 at 09:55:53PM +0200, Florian Westphal wrote:
> Kiernan George <kbg98@xxxxxx> wrote:
> > That works to create the map, but when I go to add an element through
> > the command line it fails with this error:
> > 
> > root@laptop:/tmp# nft add element netdev example test2 { 1.1.1.1 .
> > 1111 : 2.2.2.2 }
> > Error: Could not process rule: File exists 
> > add element netdev example test2 { 1.1.1.1 . 1111 : 2.2.2.2 }
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>  
> > Do you have any insight?
> 
> Worksforme.  'File exists' hints that you are adding the same element
> again.  The key has to be unique, so:
> 
> add element netdev example test2 { 1.1.1.1 . 1111 : 2.2.2.2 }
> add element netdev example test2 { 1.1.1.1 . 1111 : 2.2.2.3 } // Fails even if value is different

For the record: error reporting for slightly better with recent kernels and
nft userspace.

# nft add element x y { 1.1.1.1 : 20 }
# nft add element x y { 1.1.1.1 : 21 }
Error: Could not process rule: File exists
add element x y { 1.1.1.1 : 21 }
                  ^^^^^^^