From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 13 Dec 2016 00:34:15 +0000 (+0100)
Subject: segtree: don't trigger error on exact overlaps
X-Git-Tag: v0.7~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd326af6d46b725c99fa8017a294c51876e486f7;p=thirdparty%2Fnftables.git

segtree: don't trigger error on exact overlaps

So adding the same element doesn't trigger any error:

 # nft add element filter bogons { 3.3.3.123/24 }
 # nft add element filter bogons { 3.3.3.123/24 }

Still kernel reports an error if we use create instead:

 # nft create element filter bogons { 3.3.3.123/24 }
 <cmdline>:1:1-46: Error: Could not process rule: File exists
 create element filter bogons { 3.3.3.123/24 }
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/segtree.c b/src/segtree.c
index 45e5f5b2..5b6cdd1d 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -336,6 +336,10 @@ static unsigned int expr_to_intervals(const struct expr *set,
 static bool interval_overlap(const struct elementary_interval *e1,
 			     const struct elementary_interval *e2)
 {
+	if (mpz_cmp(e1->left, e2->left) == 0 &&
+	    mpz_cmp(e1->right, e2->right) == 0)
+		return false;
+
 	return (mpz_cmp(e1->left, e2->left) >= 0 &&
 	        mpz_cmp(e1->left, e2->right) <= 0) ||
 	       (mpz_cmp(e1->right, e2->left) >= 0 &&