Problem with creating a Set

[systemstart]

Hi.

I took the example about a blacklisting Set from here

When i run this code, nothing shows up with "nft list ruleset".
If I remove the Set related code and the Rule, at least Table and Chain show up in the current ruleset.

Without understanding all the wire format stuff it looks like the Set related things are breaking the batch issued with Flush().

Any hint?

[sbezverk]

@systemstart I just updated to the latest github.com/google/nftables and compiled one of modules which are using set and it looks good to me. See output below:

table ip istio_ipv4 {
	set 3848dbe075ec {
		type inet_service
		flags constant
		elements = { 11111, 22222 }
	}

	set ba08f184aa21 {
		type ipv4_addr
		flags constant,interval
		elements = { 1.1.1.0/24, 2.2.2.0/30 }
	}

	set 0cd0eb721db4 {
		type inet_service
		flags constant
		elements = { 23232, 44444, 55555 }
	}

For IPv6

table ip6 istio_ipv6 {
	set 662fa3397575 {
		type inet_service
		flags constant
		elements = { 11111, 22222 }
	}

	set c5bd82538a0e {
		type ipv6_addr
		flags constant,interval
		elements = { 2001:123::/64,
			     fe88:2345::/92 }
	}

I do not use directly google/nftables, I use my abstraction library, but at the end everything get translated into google/nftables.

[systemstart]

Thanks. I assume you are on latest google/nftables master?

I will try to rule out OS stuff by checking under a different Kernel version.

[sbezverk]

@systemstart Yes, I am on master of github.com/google/nftables. Please check out this library github.com/sbezverk/nftableslib , it might be helpful to get things going faster and without diving into what is on the wire ;)

[systemstart]

Time will drive me into a solution based on iptables.

I had a look at nftableslib, looks like the human interface to this netlink dialect.

Wonder who needs a non-human one.

Inappropriate Statements Department: out.

[systemstart]

Possible Layer 8 Error