Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> wrote:
> > Use the existing nf_tables_newobj(), if NLM_F_EXCL is not set on and
> > the object exists, then this is an update.
>
> I agree on that. But I think that if we use the NFT_MSG_NEWOBJ there
> will be some issues in the commit and the abort phase. That is why I
> think "NFT_MSG_UPDOBJ" would be needed.

See e.g. 'nft_trans_table_update()' -- we already do this for other
structures/entities.

You would need to extend the object handling to not remove an
already-existed-object in case of an update if an abort is triggered.