]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 043a272)
segtree: don't trigger error on exact overlaps
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 13 Dec 2016 00:34:15 +0000 (01:34 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 13 Dec 2016 00:34:15 +0000 (01:34 +0100)
So adding the same element doesn't trigger any error:

 # nft add element filter bogons { 3.3.3.123/24 }
 # nft add element filter bogons { 3.3.3.123/24 }

Still kernel reports an error if we use create instead:

 # nft create element filter bogons { 3.3.3.123/24 }
 <cmdline>:1:1-46: Error: Could not process rule: File exists
 create element filter bogons { 3.3.3.123/24 }
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/segtree.c patch | blob | blame | history

diff --git a/src/segtree.c b/src/segtree.c
index 45e5f5b22e2ea9edc64ec826a8cf39cdbd7c900b..5b6cdd1d770db70e9b2faee7899fe29a79154d19 100644 (file)
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -336,6 +336,10 @@ static unsigned int expr_to_intervals(const struct expr *set,
 static bool interval_overlap(const struct elementary_interval *e1,
                             const struct elementary_interval *e2)
 {
+       if (mpz_cmp(e1->left, e2->left) == 0 &&
+           mpz_cmp(e1->right, e2->right) == 0)
+               return false;
+
        return (mpz_cmp(e1->left, e2->left) >= 0 &&
                mpz_cmp(e1->left, e2->right) <= 0) ||
               (mpz_cmp(e1->right, e2->left) >= 0 &&
Mirror of git://git.netfilter.org/nftables