On Wed, May 15, 2013 at 04:54:46PM +0300, Tomasz Bursztyka wrote:
> Hi Pablo,
>
> >>>I was actually playing on my own with libnftables.
> >>>It's easy: dump the chain list, then change the policy on one chain
> >>>for instance, build the message to apply this change, send it...
> >>>
> >>>We haven't hit the bug yet anywhere, because no code does such
> >>>settings change after a dump, but we - or whatever app - surely will
> >>>at some point.
> >
> >We should document that. I have a patch to add the doxygen doc to
> >libnftables. I prefer that user is in control of this, instead of
> >adding internal workarounds to avoid tricky situations.
>
> As you want, but it will complicate things for the user a bit.

Going back to the kernel code (line 882):

	if (nla[NFTA_CHAIN_HANDLE] && name)
		nla_strlcpy(chain->name, name, NFT_CHAIN_MAXNAMELEN);

We can check if the chain name in the kernel and the name passed are
the same; in that case we skip nla_strlcpy.