On Wed, May 15, 2013 at 04:54:46PM +0300, Tomasz Bursztyka wrote:
> Hi Pablo,
>
> >>>I was actually playing on my own with libnftables.
> >>>It's easy: dump the chain list, then change the policy on one chain
> >>>for instance, build the message to apply this change, send it...
> >>>
> >>>We haven't hit the bug yet anywhere, because no code does such
> >>>settings change after a dump, but we - or whatever app - surely will
> >>>at some point.
> >
> >We should document that. I have a patch to add the doxygen doc to
> >libnftables. I prefer that user is in control of this, instead of
> >adding internal workarounds to avoid tricky situations.
>
> As you want, but it will complicate things for the user a bit.
Going back to the kernel code (line 882):
if (nla[NFTA_CHAIN_HANDLE] && name)
nla_strlcpy(chain->name, name, NFT_CHAIN_MAXNAMELEN);
We can check in the chain name in the kernel and the name passed are
the same, in that case we skip nla_strlcpy.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
