On Fri, Apr 04, 2014 at 11:24:32AM -0400, David Miller wrote:
> From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> Date: Tue, 11 Mar 2014 10:19:11 +0100
>
> > The following patchset provides a socket filtering alternative to BPF
> > which allows you to define your filter using the nf_tables expressions.
>
> Generally I like this series, but of course you will need to respin
> it against the work that went into net-next recently.

Sure, no problem.

> I only wonder about the expression implementation module loading
> logic when we add an nft filter to a socket.

Yes, that needs to be revisited, some people already raised concerns on
that.

> It seems that if the module doesn't exist, we return -EAGAIN, drop the
> mutex, and retry. I see nothing which breaks this loop, it seems like
> it can run forever if a module is simply not present.

Will recheck this as well. Thanks for the feedback.