On Fri, Oct 26, 2012 at 12:02:56AM +0200, Jan Engelhardt wrote:
> On Thursday 2012-10-25 19:06, Pablo Neira Ayuso wrote:
>
> >Hi,
> >
> >I've been working for a while to recover nf_tables kernel patches and
> >to implement a compatibility layer so it can be used with existing
> >x_tables target/match extensions. [...]
> >2) Provide a fast path to merge this into mainstream. We'll have both
> >   iptables and nftables interfaces during some time in the Linux kernel,
> >   then remove iptables infrastructure at some point. iptables scripts
> >   would not break as we'll have the iptables emulation over nftables.
> >[...]
> >One final thing: nftables does not support atomic table commit. The
> >point here is if we really need this for the emulation utility or we
> >can live without that. Implementing atomic table replacement in
> >nftables is not trivial. I have a hard time to find this commit table
> >feature useful.
>
> Meanwhile, I am on xtables2 that actually reproduces the set of
> _really important_ features that currently are in the setsockopt
> iptables, like atomic table replace and atomic dump.
>
> I have updated to the newest tree, and the first set is
> available in the git repository at:
>   git://git.inai.de/linux xt2-20121025

If you think this feature is important, check out nf_tables and think
how to integrate this prototype code that provides atomic table
replacement to it.