From: Stephen Hemminger <shemminger@xxxxxxxxxx>
Date: Wed, 15 Apr 2009 17:01:11 -0700

> The counters are the bigger problem, otherwise we could just free table
> info via rcu. Do we really have to support: replace where the counter
> values coming out to user space are always exactly accurate, or is it
> allowed to replace a rule and maybe lose some counter ticks (worst case
> NCPU-1).

I say this case doesn't matter until someone can prove that it's any
different from the IPTABLES replace operation system call executing a
few microseconds earlier or later.

There really is no difference, and we're making complexity out of
nothing just to ensure something which isn't actually guaranteed right
now.