Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | evaluate: attempt to set_eval flag if dynamic updates requested | Florian Westphal | 2022-01-11 | 1 | -0/+32 |
When passing no upper size limit, the dynset expression forces an internal 64k upperlimit. In some cases, this can result in 'nft -f' to restore the ruleset. Avoid this by always setting the EVAL flag on a set definition when we encounter packet-path update attempt in the batch. Reported-by: Yi Chen <yiche@redhat.com> Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de> |