Hi Eric,
The patch
netfilter: nf_tables: add insert operation
adds support for inserting a rule after a handle.
It is followed by the patch
examples: add insert rule example
which is the libnftables example.
I chose to reuse the CREATE operation in the kernel code
to avoid adding a new message to netlink. This way we have
a sort of 'create after' syntax. This is almost natural IMHO.
There is an issue however: notification.
I don't see how other clients are going to know where to put the rule
when updating their own list when they get notified.
They will be notified that a rule has been added successfully, but they
will get it as an appended rule.
Here it's a one-shot usage: you need this info only on creation, so it
would also be provided on notification. Not on the dump, obviously.
I don't see a direct solution here, since adding an attribute (or a new
flag to NFTA_RULE_FLAGS) would be going against current API design.
We have to sort this out.
Tomasz
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
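The notification problem raised in the message above, as an added illustration that is not part of the thread or of the nf_tables/libnftnl code: a small C model of a chain's rule order as the kernel holds it and as a second netlink client mirrors it from NEWRULE notifications. The names (chain_view, chain_insert_after, new_rule_notification, demo) are hypothetical; the "after == 0 means append" convention stands in for a plain CREATE. It shows that a client receiving only the new handle can do nothing but append, so its view diverges from the kernel's as soon as someone uses "create after", while a notification that also carries the position lets it reproduce the kernel order exactly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16

/* Rule order of one chain, keyed by rule handle. Hypothetical model used
 * both for the kernel's view and for a client's mirror of it; not an
 * nf_tables data structure. */
struct chain_view {
    uint64_t handles[MAX_RULES];
    size_t n;
};

static int find_index(const struct chain_view *c, uint64_t handle)
{
    for (size_t i = 0; i < c->n; i++)
        if (c->handles[i] == handle)
            return (int)i;
    return -1;
}

/* "Create after" semantics: place `handle` directly after the rule `after`.
 * after == 0 models a plain CREATE, which appends. Returns 0 on success,
 * -1 if the chain is full, `handle` already exists or `after` is unknown. */
int chain_insert_after(struct chain_view *c, uint64_t after, uint64_t handle)
{
    if (c->n >= MAX_RULES || find_index(c, handle) >= 0)
        return -1;
    size_t pos = c->n;                    /* append by default */
    if (after != 0) {
        int idx = find_index(c, after);
        if (idx < 0)
            return -1;
        pos = (size_t)idx + 1;
    }
    memmove(&c->handles[pos + 1], &c->handles[pos],
            (c->n - pos) * sizeof c->handles[0]);
    c->handles[pos] = handle;
    c->n++;
    return 0;
}

int chain_equal(const struct chain_view *a, const struct chain_view *b)
{
    return a->n == b->n &&
           memcmp(a->handles, b->handles, a->n * sizeof a->handles[0]) == 0;
}

/* What a second client sees in a NEWRULE notification. `after` is 0 when
 * the notification carries no position, the situation described in the
 * message above. Constructed for this example. */
struct new_rule_notification {
    uint64_t handle;
    uint64_t after;
};

/* The second client can only place the rule where the notification lets it. */
int client_on_new_rule(struct chain_view *view, const struct new_rule_notification *ev)
{
    return chain_insert_after(view, ev->after, ev->handle);
}

/* Scenario: the chain holds rules 1,2,3 and one client creates rule 4 after
 * rule 1. Returns 1 if the second client's mirror matches the kernel order
 * afterwards, 0 if it diverged, -1 on an internal error. */
int demo(int notification_carries_position)
{
    struct chain_view kernel = { {1, 2, 3}, 3 };
    struct chain_view other_client = kernel;   /* both start in sync */

    if (chain_insert_after(&kernel, 1, 4) != 0)
        return -1;

    struct new_rule_notification ev = {
        .handle = 4,
        .after = notification_carries_position ? 1 : 0,
    };
    if (client_on_new_rule(&other_client, &ev) != 0)
        return -1;

    return chain_equal(&kernel, &other_client);
}

int main(void)
{
    printf("position in notification:    %s\n",
           demo(1) ? "views match" : "views diverge");
    printf("no position in notification: %s\n",
           demo(0) ? "views match" : "views diverge");
    return 0;
}
```

With the position present the mirror ends up as 1,4,2,3 like the kernel; without it the client appends and holds 1,2,3,4, which is exactly the silent divergence the message describes. A client can of course recover by re-dumping the chain, since a dump is in chain order, but that is a full resync rather than an incremental update.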