On Wed, Feb 20, 2013 at 12:02:28AM +0100, Patrick McHardy wrote:
> Hi Pablo,
>
> just going through the commits to the nftables tree of the past two months,
> this one caught my eye:

Great, please let me know if you find more stuff to discuss.

> Commit a85bea2a (netfilter: nf_tables: complete net namespace support) adds
> per-NS af_info lists and registers the IPv4/IPv6/Bridge AFs in every NS.
> I don't get the point of this at all, when the module is loaded, the AFs
> will be registered in every namespace anyways, there's no way to have it
> registered in just a subset of the namespaces, so why do this at all?
>
> From what I can tell, this patch can simply be reverted again.

We need an empty table list for each family in each namespace.
Otherwise registered tables will be globally visible in every existing
namespace.
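
The isolation point made in the reply above, as an added user-space model that is not part of the original thread and is not nf_tables code: a table created in one namespace is looked up from another, first through a single shared af_info and then through a per-namespace one. All struct and function names are hypothetical.

```c
/* Constructed user-space model; every name is hypothetical, not nf_tables code. */
#include <stdio.h>
#include <string.h>

#define MAX_TABLES 8

struct table_list { const char *names[MAX_TABLES]; int n; };
struct af_info    { const char *family; struct table_list tables; };
struct netns      { int id; struct af_info ipv4; };  /* per-namespace af_info */

/* One af_info shared by every namespace. */
static struct af_info global_ipv4 = { .family = "ipv4" };

typedef struct table_list *(*lookup_fn)(struct netns *);

static struct table_list *lookup_global(struct netns *ns)
{
    (void)ns;                      /* the namespace cannot influence the result */
    return &global_ipv4.tables;
}

static struct table_list *lookup_per_ns(struct netns *ns)
{
    return &ns->ipv4.tables;       /* each namespace starts with an empty list */
}

static void add_table(struct table_list *l, const char *name)
{
    if (l->n < MAX_TABLES)
        l->names[l->n++] = name;
}

static int has_table(const struct table_list *l, const char *name)
{
    for (int i = 0; i < l->n; i++)
        if (strcmp(l->names[i], name) == 0)
            return 1;
    return 0;
}

/* Create "filter" in namespace A, then report whether namespace B sees it. */
int table_leaks(lookup_fn lookup)
{
    struct netns a = { .id = 1, .ipv4 = { .family = "ipv4" } };
    struct netns b = { .id = 2, .ipv4 = { .family = "ipv4" } };
    global_ipv4.tables.n = 0;      /* reset shared state between runs */
    add_table(lookup(&a), "filter");
    return has_table(lookup(&b), "filter");
}

int main(void)
{
    printf("shared af_info: leak=%d\n", table_leaks(lookup_global));
    printf("per-ns af_info: leak=%d\n", table_leaks(lookup_per_ns));
    return 0;
}
```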