On Wed, May 15, 2013 at 04:06:26PM +0300, Tomasz Bursztyka wrote:
> Hi Pablo,
> >But the handle number is built into the netlink message if the client
> >sets the NFT_CHAIN_ATTR_HANDLE. Looking at iptables-nftables, that
> >only happens in nft_chain_user_rename.
> >
> >This seems to me like the client needs to be fixed not to set both
> >attributes at the same time (unless it wants a chain rename).
> >
> >Where are you hitting this?
> >
>
> I was actually playing on my own with libnftables.
> It's easy: dump the chain list, then change the policy on one chain
> for instance, build the message to apply this change, send it...
>
> We haven't hit the bug yet anywhere, because no code does such
> settings change after a dump, but we - or whatever app - surely will
> at some point.

We should document that. I have a patch to add the doxygen doc to
libnftables.

I prefer that the user is in control of this, instead of adding internal
workarounds to avoid tricky situations.