nftables sets do not support overlapping ranges in ipsets with the interval flag enabled, unless explicitly enabled via auto-merge. This option has not yet been exposed by proxmox-nftables, so add it to the library. This requires at least nftables 1.1.0 to work, which is available since Debian trixie.
Signed-off-by: Stefan Hanreich <[email protected]> --- proxmox-nftables/src/types.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/proxmox-nftables/src/types.rs b/proxmox-nftables/src/types.rs index c613e64..c146d9c 100644 --- a/proxmox-nftables/src/types.rs +++ b/proxmox-nftables/src/types.rs @@ -500,6 +500,9 @@ pub struct SetConfig { #[serde(skip_serializing_if = "Option::is_none")] size: Option<i64>, + + #[serde(skip_serializing_if = "Option::is_none")] + auto_merge: Option<bool>, } impl SetConfig { @@ -512,6 +515,7 @@ impl SetConfig { timeout: None, gc_interval: None, size: None, + auto_merge: None, } } @@ -523,6 +527,11 @@ impl SetConfig { self.flags.push(flag); self } + + pub fn with_auto_merge(mut self, auto_merge: bool) -> Self { + self.auto_merge = Some(auto_merge); + self + } } #[derive(Clone, Debug, Deserialize, Serialize)] -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
