Re: [ANNOUNCE] nftables 1.1.2 release


 



On 15 April 2025 15:54:15 UTC, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>On Tue, Apr 15, 2025 at 03:22:52PM +0000, Slavko wrote:

>> Now I add one network, and one or two seconds later a second
>> network::
>> 
>>     nft add element inet filter testset "{ 192.168.1.0/24 }"
>>     sleep 1
>>     nft add element inet filter testset "{ 192.168.2.0/24 }"
>> 

>After this update, two different intervals with different timeouts are
>added.

OK, that is good, and IMO expected.

>> Another example is to add a subnet of an existing element; currently
>> the new subnet is not added (or is merged into the existing one without
>> timeout change). How will it work with this new behavior? Will
>> both be in the set? Or will an error happen? Or something else?
>
>After this update, with subset, an error will be reported if the
>interval overlaps.

That is not good, it will break my current use case -- a set filled
from BGP, as from time to time networks of different ASNs
overlap. In reality, I use auto-merge in this set just because of this...

I hope that in one big atomic add, all timeouts will be the same
(the set is flushed in this atomic step), but one cannot do it in a cycle
(with separate adds), as even ms are compared...

regards


-- 
Slavko
https://www.slavino.sk/
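
Added example, not part of the original message and not nftables project code: one way to keep a BGP-fed set free of overlapping intervals is to collapse the prefixes before loading and to emit a single flush-plus-add batch for `nft -f`, the atomic step described above. The set name comes from the thread; the sample prefixes, the `1h` timeout, the function names and the assumption that the set holds IPv4 intervals are constructed for illustration.

```python
import ipaddress

# Constructed sample feed: two prefixes are covered by a wider one.
SAMPLE = ["192.168.1.0/24", "192.168.0.0/16", "10.1.0.0/16",
          "10.1.2.0/24", "203.0.113.0/24"]

def collapse_prefixes(prefixes):
    """Return sorted, non-overlapping IPv4 networks covering the input.

    strict=True rejects prefixes with host bits set instead of silently
    rewriting them. Adjacent networks are merged as well as overlapping ones.
    """
    nets = [ipaddress.IPv4Network(p, strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))

def absorbed(prefixes, merged):
    """Input prefixes that no longer appear verbatim after collapsing."""
    kept = {str(n) for n in merged}
    return [p for p in prefixes if p not in kept]

def build_batch(prefixes, timeout="1h", family="inet", table="filter",
                set_name="testset"):
    """Build one ruleset fragment: flush the set, then add all elements.

    Every element carries the same explicit timeout (assumed value).
    """
    merged = collapse_prefixes(prefixes)
    if not merged:
        # Refuse to turn an empty feed into an empty set.
        raise ValueError("no prefixes; refusing to flush the set")
    target = f"{family} {table} {set_name}"
    elems = ", ".join(f"{n} timeout {timeout}" for n in merged)
    return (f"flush set {target}\n"
            f"add element {target} {{ {elems} }}\n")

if __name__ == "__main__":
    merged = collapse_prefixes(SAMPLE)
    # Log what was swallowed by a wider prefix so the operator can audit it.
    print("# absorbed:", ", ".join(absorbed(SAMPLE, merged)))
    print(build_batch(SAMPLE), end="")
```

The output is meant to be written to a file and loaded with `nft -f`, so the flush and the add are applied together.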




