Hi, This is a second version for the patch series entitled: "support for anonymous non-base chains in nftables" [1] Changes since last patchset are: * The kernel dynamically allocates the (internal) chain name, unless userspace provides an chain name. * Remove the chain from the lists and decrement the reference counters before the commit path (from nft_data_release() path). This ensures no ongoing netlink dump over the chain list ends up walking over a chain object while being released. * Add nft_chain_add() in a new patch to re-add the chain into the list if the preparation phase fails, given that nft_data_release() now zaps the chain from the list. [1] https://marc.info/?l=netfilter-devel&m=159310902001476&w=2 Pablo Neira Ayuso (5): netfilter: nf_tables: add NFTA_RULE_CHAIN_ID attribute netfilter: nf_tables: add NFTA_VERDICT_CHAIN_ID attribute netfilter: nf_tables: expose enum nft_chain_flags through UAPI netfilter: nf_tables: add nft_chain_add() netfilter: nf_tables: add NFT_CHAIN_BINDING include/net/netfilter/nf_tables.h | 20 ++- include/uapi/linux/netfilter/nf_tables.h | 9 ++ net/netfilter/nf_tables_api.c | 158 +++++++++++++++++++---- net/netfilter/nft_immediate.c | 51 ++++++++ 4 files changed, 204 insertions(+), 34 deletions(-) -- 2.20.1
