Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > So we only skip the flush if the table does not exist.
> >
> > Still not working though, hitting EEXIST on CHAIN_USER_ADD.
>
> The nfnl_unlock(subsys_id); is released after check the generation ID
> in nfnetlink.
>
> This is rendering the generation ID useless. We need a kernel fix for
> this.

-v, the subsys mutex is released, but we do hold the transaction mutex.
parallel batch that is incoming will block in nf_tables_valid_genid()
until current transaction completes, then it will fail due to genid mismatch.
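The locking order described in the reply above, as an added userspace model that is not part of the original message and is not kernel code. The `Table` class, `run_batch()` and `race()` are hypothetical names; only the "take the transaction mutex, then compare generation IDs" ordering is taken from the text.

```python
import threading

class Table:
    """Simplified model (assumption): one generation ID, one transaction mutex."""
    def __init__(self):
        self.genid = 1
        self.commit_mutex = threading.Lock()  # stands in for the transaction mutex
        self.chains = set()

    def valid_genid(self, batch_genid):
        # Models the behaviour the reply attributes to nf_tables_valid_genid():
        # block on the transaction mutex first, compare generation IDs second.
        self.commit_mutex.acquire()
        if batch_genid == self.genid:
            return True                       # mutex stays held until commit
        self.commit_mutex.release()
        return False

    def commit(self, chain):
        self.chains.add(chain)
        self.genid += 1                       # a commit bumps the generation
        self.commit_mutex.release()

def run_batch(table, batch_genid, chain, started=None, proceed=None):
    if not table.valid_genid(batch_genid):
        return "genid mismatch"
    if started:
        started.set()                         # signal: transaction mutex is held
    if proceed:
        proceed.wait()                        # keep the transaction open
    table.commit(chain)
    return "committed"

def race():
    table = Table()
    seen = table.genid                        # both batches sampled the same genid
    started, proceed = threading.Event(), threading.Event()
    out = {}
    a = threading.Thread(target=lambda: out.update(
        a=run_batch(table, seen, "c1", started, proceed)))
    b = threading.Thread(target=lambda: out.update(
        b=run_batch(table, seen, "c1")))
    a.start()
    started.wait()                            # batch A now holds the mutex
    b.start()
    b.join(timeout=0.2)
    out["b_blocked"] = b.is_alive()           # B is waiting inside valid_genid()
    proceed.set()                             # let A commit and release
    a.join(); b.join()
    return out

if __name__ == "__main__":
    print(race())
```

In this model the second batch never reaches the chain-add step, so it reports a generation mismatch instead of an "already exists" error.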