On Wed, Jun 19, 2013 at 12:47:18PM +0300, Tomasz Bursztyka wrote:
> Hi Eric,
>
> >The patch
> > netfilter: nf_tables: add insert operation
> >adds support for inserting a rule after a handle.
> >
> >It is followed by the patch
> > examples: add insert rule example
> >which is the libnftables example.
> >
> >I choose to reuse the CREATE operation in the kernel code
> >to avoid adding a new message to netlink. This way we have
> >a sort of 'create after' syntax. This is almost natural IMHO.
>
> There is an issue however: notification.
> I don't see how other clients are going to know where to put the
> rule when updating their own list when they get notified.
>
> They will be notified that a rule has been added successfully, but
> they will get it as an appended rule.

This can be implemented in user-space. The user-space daemon can keep
a cache of the ordered rule-set. Thus, it can guess the position of
the rule-set from the handle.