mirror of
https://git.netfilter.org/nftables
synced 2026-01-26 10:34:27 +00:00
e83e32c8d1
The rework to reduce memory consumption has introduced a bug that result
in spurious EEXIST with large batches.
The code that tracks the start and end elements of the interval can add
the same element twice to the batch. This works with the add element
command, since it ignores EEXIST error, but it breaks the the create
element command.
Update this codepath to ensure both sides of the interval fit into the
netlink message, otherwise, trim the netlink message to remove them.
So the next netlink message includes the elements that represent the
interval that could not fit.
Fixes: 91dc281a82ea ("src: rework singleton interval transformation to reduce memory consumption")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>