Linux Netfilter discussions
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Mike Dillinger <miked@softtalker.com>
Cc: netfilter@vger.kernel.org
Subject: Re: nftables Set Bug with interval & timeout Flags
Date: Wed, 6 Jan 2021 15:03:02 +0100	[thread overview]
Message-ID: <20210106140302.GA5857@salvia> (raw)
In-Reply-To: <5c90f2e3-76ac-1b00-1ca8-fab74bfd97cd@softtalker.com>

Hello Mike,

On Thu, Dec 10, 2020 at 09:35:35AM -0800, Mike Dillinger wrote:
[...]
> Step 4: Now restart nftables and observe the failure condition
> $ systemctl restart nftables.service
> $ nft list set ip filter test2
> table ip filter {
>         set test2 {
>                 type ipv4_addr
>                 flags interval,timeout
>                 counter
>                 timeout 10m
>                 gc-interval 1m
>                 elements = { 1.1.1.1 expires 9m48s864ms counter packets 0 bytes 0, 8.8.8.0/24 expires 9m48s864ms counter packets 0 bytes 0 }
>         }
> }
> 
> Note the timers reset when the service restarted even though they
> were saved to /etc/nftables.conf.  And again, this behavior is only
> present when the interval flag is set.  I have other sets of type
> ipv4_addr not using the interval flag and those timers are preserved
> on reset/reboot.

This is the fix for the issue you're observing:

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20210106140119.10915-1-pablo@netfilter.org/

Thanks for reporting and for your patience.

  parent reply	other threads:[~2021-01-06 14:03 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-10 17:35 nftables Set Bug with interval & timeout Flags Mike Dillinger
2021-01-05  3:03 ` Mike Dillinger
2021-01-06 14:03 ` Pablo Neira Ayuso [this message]
2021-01-08  1:13   ` Mike Dillinger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210106140302.GA5857@salvia \
    --to=pablo@netfilter.org \
    --cc=miked@softtalker.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox