One more thing:

On Wed, Mar 27, 2013 at 05:35:50PM +0100, Pablo Neira Ayuso wrote:
[...]
> > @@ -1650,8 +1639,8 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
> >  	else
> >  		list_add_rcu(&rule->list, &chain->rules);
> >  
> > -	if (flags & NFT_RULE_F_COMMIT) {
> > -		err = nf_tables_dirty_add(rule, &ctx);
> > +	if (transaction != NULL) {
> > +		err = nf_tables_transaction_add(&ctx, transaction, rule);
> >  		if (err < 0) {
> >  			list_del_rcu(&rule->list);
> >  			goto err2;

We can still support incremental updates without transactions (i.e. adding/deleting one single rule).

However, if a non-transactional rule update happens while there is an ongoing transaction, we'll have to reject it with -EBUSY.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
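Review bot: the `transaction == NULL` branch of this hunk keeps the non-transactional path unchanged, but nothing visible here rejects a non-transactional update with -EBUSY while a transaction is open on the chain; that check belongs before `list_add_rcu(&rule->list, &chain->rules)` so a rejected rule is never published to RCU readers at all. Relatedly, because the rule is linked with `list_add_rcu()` before `nf_tables_transaction_add()` can fail, the `list_del_rcu(&rule->list); goto err2;` path must defer freeing the rule until after an RCU grace period (kfree_rcu/call_rcu), not kfree it synchronously; err2 is outside the hunk, so please confirm it does.

The update policy stated in the reply above (incremental updates allowed, but rejected with -EBUSY while a transaction is ongoing, and a transaction that can be aborted) as an added user-space model in C. This is example code written for this page, not nf_tables kernel code; the names `nft_chain_model`, `nft_txn`, `model_add_rule`, `model_txn_begin`, `model_txn_commit` and `model_txn_abort`, and the integer rule handles, are assumptions made for illustration.

```c
/* Added example: a user-space model of the transactional vs. incremental
 * rule-update policy from the message above. Not nf_tables code; all names
 * here are illustrative assumptions. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16

struct nft_txn;

struct nft_chain_model {
	int rules[MAX_RULES];   /* rule handles currently linked in the chain */
	int nrules;
	struct nft_txn *txn;    /* non-NULL while a transaction is open */
};

/* A transaction records the handles it added so abort can unlink them. */
struct nft_txn {
	int added[MAX_RULES];
	int nadded;
};

static int model_link_rule(struct nft_chain_model *c, int handle)
{
	if (c->nrules >= MAX_RULES)
		return -ENOSPC;
	c->rules[c->nrules++] = handle;
	return 0;
}

static void model_unlink_rule(struct nft_chain_model *c, int handle)
{
	for (int i = 0; i < c->nrules; i++) {
		if (c->rules[i] == handle) {
			memmove(&c->rules[i], &c->rules[i + 1],
				(size_t)(c->nrules - i - 1) * sizeof(int));
			c->nrules--;
			return;
		}
	}
}

/* Open a transaction on the chain; -EBUSY if one is already open. */
int model_txn_begin(struct nft_chain_model *c, struct nft_txn *t)
{
	if (c->txn != NULL)
		return -EBUSY;
	t->nadded = 0;
	c->txn = t;
	return 0;
}

/* Add one rule. t == NULL is an incremental (non-transactional) update,
 * which the message says must be rejected with -EBUSY while a transaction
 * is ongoing. The check runs before the rule is linked, so a rejected rule
 * is never visible in the chain. */
int model_add_rule(struct nft_chain_model *c, int handle, struct nft_txn *t)
{
	int err;

	if (t == NULL && c->txn != NULL)
		return -EBUSY;
	if (t != NULL && c->txn != t)
		return -EINVAL;     /* must use the transaction that is open */

	err = model_link_rule(c, handle);
	if (err < 0)
		return err;

	if (t != NULL) {
		if (t->nadded >= MAX_RULES) {
			/* mirrors list_del_rcu() on transaction_add failure */
			model_unlink_rule(c, handle);
			return -ENOSPC;
		}
		t->added[t->nadded++] = handle;
	}
	return 0;
}

/* Commit keeps everything the transaction linked and closes it. */
int model_txn_commit(struct nft_chain_model *c, struct nft_txn *t)
{
	if (c->txn != t)
		return -EINVAL;
	c->txn = NULL;
	return 0;
}

/* Abort unlinks every rule the transaction added, newest first. */
int model_txn_abort(struct nft_chain_model *c, struct nft_txn *t)
{
	if (c->txn != t)
		return -EINVAL;
	while (t->nadded > 0)
		model_unlink_rule(c, t->added[--t->nadded]);
	c->txn = NULL;
	return 0;
}

int main(void)
{
	struct nft_chain_model c;
	struct nft_txn t;

	memset(&c, 0, sizeof(c));
	printf("incremental add: %d\n", model_add_rule(&c, 1, NULL));
	printf("txn begin: %d\n", model_txn_begin(&c, &t));
	printf("incremental add during txn: %d (expect -EBUSY=%d)\n",
	       model_add_rule(&c, 2, NULL), -EBUSY);
	printf("txn add: %d\n", model_add_rule(&c, 3, &t));
	printf("txn abort: %d, rules left: %d\n", model_txn_abort(&c, &t), c.nrules);
	return 0;
}
```

The ordering in `model_add_rule` is the point worth copying: the -EBUSY decision is taken before the rule is linked, so there is no window in which a rejected rule is visible and later has to be unlinked again.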