I have an IPv4 set with timeout 2d, but update its elements to 4d when
a rule matches. It was fine until kernel is updated to 6.12.6 or 6.12.7.
E.g. the following snippet gives an error when importing:
table inet blocker {
set spam_ips {
type ipv4_addr
size 65535
flags dynamic,timeout
timeout 2d
elements = { 1.2.3.4 expires 3d }
}
}
a.nft:7:16-22: Error: Could not process rule: Numerical result out of range
elements = { 1.2.3.4 expires 3d }
^^^^^^^
kernel 6.10.6 worked just fine. nftables cli v1.1.1.
Despite I can't import the set, existing elements can still be updated
to timeout more that 2d.
A new bug? Or a new limitation?
--
Best regards,
lilydjwg
