Hi,

On Sun, 21 Jul 2024 13:29:44 +0100, "Kerin Millar" <kfm@xxxxxxxxxxxxx> wrote:

> #!/bin/sh
> set -e
> tmpfile1=
> tmpfile2=
> trap 'rm -f -- "$tmpfile1" "$tmpfile2"' EXIT
> tmpfile1=$(mktemp)
> tmpfile2=$(mktemp)
> cat > "$tmpfile1"
> {
>     echo "delete element $* {"; sed 's/$/,/' "$tmpfile1"; echo "}"
>     echo "add element $* {"; sed 's/$/,/' "$tmpfile1"; echo "}"
> } > "$tmpfile2"
> nft -f "$tmpfile2"

I played with that, I added one more "add" before "delete" and it seems to work, except after boot...

After boot the set is (obviously) empty, so I try to fill it with something like:

    curl -s https://my_local_URL | ./nft-addset.sh inet fw4 myset | nft -f-

But that fails with:

    /dev/stdin:1:1-2: Error: Could not process rule: Out of memory
    add element inet fw4 myset {
    ^^

(The host has >6 GB of free RAM, the list has ~1700 items)

Initially I blamed IP duplicates in the downloaded list of IPs, but that was unrelated to this error. When I remove the first "add" and "delete" lines from the script (thus just one "add"), it works.

After the initial fill it works with all three commands (add+delete+add) on the already filled set, and even when I flush that set, it still works. Only the first fill (after boot) ends with that error. When I delete and create that set, I get "Out of memory" again. The set is defined as:

    table inet fw4 {
        set myset {
            type ipv4_addr
            last
            counter
            timeout 2d
        }
    }

I tried to add "size" to it, but that doesn't help. I roughly remember that I read something about some memory limit in a container (I am not in a container), but I am not able to find that again to check if that is the problem.

Please, what can cause that initial fill error, and how can I debug/solve it?

regards

--
Slavko
https://www.slavino.sk