Hi Pablo,
> But the handle number is built into the netlink message if the client
> sets the NFT_CHAIN_ATTR_HANDLE. Looking at iptables-nftables, that
> only happens in nft_chain_user_rename.
>
> This seems to me like the client needs to be fixed not to set both
> attributes at the same time (unless it wants a chain rename).
>
> Where are you hitting this?

I was actually playing on my own with libnftables.
It's easy: dump the chain list, then change the policy on one chain for
instance, build the message to apply this change, send it...
We haven't hit the bug yet anywhere, because no code does such a settings
change after a dump, but we - or whatever app - surely will at some point.
Tomasz