Re: [iptables (nft-compat) PATCH 8/8] nft: Initialize according to requested table, if any

On Tue, Feb 11, 2014 at 03:37:21PM +0200, Tomasz Bursztyka wrote:
> Hi Pablo,
> 
> >Does the autochain load work if you reload with rules in different
> >tables? eg. filter and raw.
> 
> Indeed, no... While chasing a bug (patch 7 is the result) I forgot
> to do this simple test.
> 
> I could overload struct builtin_table {} for that.
> But I just figured out another issue here: it will work only if we
> don't have an /etc/xtables.conf file.

This is the way it should work with the file. That file provides a way
to enforce a chain configuration that will bypass the default chain
configuration.

> If you have such file, when xtables-restore will insert rules, it
> will always call nft_xtables_config_load() thus always trying to
> initialize tables that might be already there.

For xtables-restore, I think we should just initialize the chains once
when handling the ':' marker that we get from the standard input that
refers to the chain. With patch 7/8, we know if we're in the context
of a restore or not, thus you can use that to skip any sort of
chain initialization from the functions defined in nft.c.

> So there is a bigger fix here: I will add necessary stuff in handle
> to keep track of parsed file like tables and store which one has
> been initialized and not.

I think with the approach I'm describing above the patch should be
relatively small.