Enable storing CIDR elements in nftables sets (#3362)

yboaron · web-flow · commit acf1ca5e50bf · 2025-03-26T13:32:43.000+02:00
Signed-off-by: Yossi Boaron &lt;yboaron@redhat.com&gt;
diff --git a/pkg/packetfilter/nftables/namedset.go b/pkg/packetfilter/nftables/namedset.go
@@ -42,8 +42,9 @@ func (p *packetFilter) NewNamedSet(set *packetfilter.SetInfo) packetfilter.Named
 
 	return &namedSet{
 		set: knftables.Set{
-			Name: set.Name,
-			Type: setType,
+			Name:  set.Name,
+			Type:  setType,
+			Flags: []knftables.SetFlag{knftables.IntervalFlag},
 		},
 		nftables: p.nftables,
 	}
diff --git a/pkg/packetfilter/nftables/nftables_test.go b/pkg/packetfilter/nftables/nftables_test.go
@@ -362,17 +362,17 @@ var _ = Describe("Interface", func() {
 		err := set.Create(true)
 		Expect(err).To(Succeed())
 
-		err = set.AddEntry("entry1", false)
+		err = set.AddEntry("1.2.3.4", false)
 		Expect(err).To(Succeed())
-		assertEntries(set, "entry1")
+		assertEntries(set, "1.2.3.4")
 
-		err = set.AddEntry("entry2", false)
+		err = set.AddEntry("10.1.2.0/16", false)
 		Expect(err).To(Succeed())
-		assertEntries(set, "entry1", "entry2")
+		assertEntries(set, "1.2.3.4", "10.1.2.0/16")
 
-		err = set.DelEntry("entry1")
+		err = set.DelEntry("1.2.3.4")
 		Expect(err).To(Succeed())
-		assertEntries(set, "entry2")
+		assertEntries(set, "10.1.2.0/16")
 
 		err = set.Flush()
 		Expect(err).To(Succeed())
