On Wed, Aug 21, 2019 at 11:26:02AM +0200, Phil Sutter wrote:
[...]
> +/* XXX: move this into libnftnl, replacing nftnl_set_lookup() */ > +static struct nftnl_set *nft_set_byname(struct nft_handle *h, > + const char *table, const char *set)

Probably extend libnftnl to allow to take a pointer to a nftnl_set object, as an alternative to the set name?

The idea is that this set object now belongs to the lookup extension, so this extension will take care of releasing it from the destroy path.

Then, the lookup extension will have a pointer to the anonymous set so you could then skip the cache code (and all the updates to have access to it).

Anonymous sets can only be attached to one rule and they go away when the rule is released. Then, flushing the rule would also release this object.
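
Review bot: The XXX comment above nft_set_byname() leaves the planned move into libnftnl as an open to-do in the tree; it would be better to settle the libnftnl side first, or to state in the commit message when this local helper is expected to go away. The signature also returns a struct nftnl_set * without saying who owns it, so a short comment stating whether the caller must release the result would help, since the quoted lines do not show it.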