I'm looking at the nftables transaction code and wondering about the
semantics of GET operations intermixed with ADD/DEL operations:

AFAIK there are currently some inconsistencies:

- new sets get marked as inactive and invisible to GET until the
  transaction is supported. So

  ADD set
  GET set

  will return ENOENT.

- Rule GET operations OTOH don't care about the activeness of the
  rule at all, so

  DEL rule
  GET rule

  will return the rule even though it is actually deleted.

  ADD rule
  GET rule
  transaction fail

  will equally return the rule even though it will afterwards not be
  present.

So the general question is how to properly handle this. GET operations
should obviously take activeness into account and not return deleted
objects.

The next question would be how to handle failed transactions. We should
obviously only return new objects if the transaction actually succeeds,
so I guess this means handling GET requests in the commit path.

Any thoughts? Not sure if I missed something important.
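
Added example, not part of the original message and not kernel code: a toy Python model of the three batches listed above, comparing the GET answers the message describes with answers deferred to the commit path. The `run_batch` function, the `FAIL` marker and the handling of deleted sets are assumptions of the model.

```python
ENOENT = "ENOENT"
# Per the message: set GET honours the active flag, rule GET ignores it.
HONOURS_ACTIVE_FLAG = {"set"}

def run_batch(ops, committed, deferred_get=False):
    """Apply (verb, kind, name) ops to a table; return (get_answers, final_table).

    deferred_get=False: GETs are answered immediately, as the message describes.
    deferred_get=True:  GETs are answered once the transaction outcome is known.
    """
    staged, new, dead = set(committed), set(), set()
    answers, asked, failed = [], [], False
    for verb, kind, name in ops:
        obj = (kind, name)
        if verb == "ADD":
            staged.add(obj); new.add(obj); dead.discard(obj)
        elif verb == "DEL":
            staged.discard(obj); dead.add(obj); new.discard(obj)
        elif verb == "FAIL":            # constructed marker: the transaction fails
            failed = True
        elif verb == "GET" and deferred_get:
            asked.append(obj)
        elif verb == "GET":
            if kind in HONOURS_ACTIVE_FLAG:
                # pending additions are inactive, hence invisible
                visible = obj in staged and obj not in new
            else:
                # flag ignored: anything still linked in the list is returned
                visible = obj in staged or obj in dead
            answers.append(name if visible else ENOENT)
    # A failed transaction leaves the table exactly as it was before the batch.
    final = set(committed) if failed else staged
    if deferred_get:
        answers = [name if (kind, name) in final else ENOENT
                   for kind, name in asked]
    return answers, final

# Constructed sample state and the three batches from the message.
COMMITTED = {("rule", "r1")}
BATCHES = {
    "add set, get set": [("ADD", "set", "s1"), ("GET", "set", "s1")],
    "del rule, get rule": [("DEL", "rule", "r1"), ("GET", "rule", "r1")],
    "add rule, get rule, fail": [("ADD", "rule", "r2"), ("GET", "rule", "r2"),
                                 ("FAIL", "", "")],
}

if __name__ == "__main__":
    for label, ops in BATCHES.items():
        now, final = run_batch(ops, COMMITTED)
        later, _ = run_batch(ops, COMMITTED, deferred_get=True)
        print(f"{label}: immediate={now} deferred={later} table={sorted(final)}")
```

In each batch the immediate answer disagrees with the table left behind, while the deferred answer matches it.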