Hi Pablo,

On Fri, 2023-08-11 at 14:20 +0200, Pablo Neira Ayuso wrote:
> On Thu, Aug 10, 2023 at 02:30:30PM +0200, Thomas Haller wrote:
> > If the reentrant versions of the functions are available, use them so
> > that libnftables is thread-safe in this regard.
>
> At netlink sequence tracking is not thread-safe, users hit EILSEQ
> errors when multiple threads recycle the same nft_ctx object. Updates
> are serialized by mutex per netns, batching is usually the way to go
> to amortize the cost of ruleset updates.

The problem already happens when one thread is using libnftables and
another thread calls one of those libc functions at an unfortunate
moment. It doesn't require multi-threaded uses of libnftables itself.

Also, why couldn't you have two threads, handling one netns each, with
separate nft_ctx objects?

> Are you planning to have a user of libnftables that is multi-thread?

No, I don't :) I was just interested in this topic.

Thomas
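
The scenario in the reply above (a library holding a result from a non-reentrant libc call while an unrelated thread calls the same function), as an added example that is not part of the original message or of the nftables patch. The thread does not name the libc functions involved, so gmtime()/gmtime_r() stand in as an assumption; lib_year_unsafe(), lib_year_safe(), app_thread() and interleave() are hypothetical names, and the timestamps are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* for gmtime_r() */
#endif
#include <pthread.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical application thread, unrelated to the library: it calls the
 * non-reentrant gmtime(), which rewrites libc's one shared struct tm. */
static void *app_thread(void *arg)
{
    time_t t = *(const time_t *)arg;
    (void)gmtime(&t);
    return NULL;
}

/* Run app_thread to completion: a deterministic model of "another thread
 * at an unfortunate moment". Returns 0 on success. */
static int interleave(time_t other)
{
    pthread_t th;
    if (pthread_create(&th, NULL, app_thread, &other) != 0)
        return -1;
    return pthread_join(th, NULL);
}

/* Hypothetical library helper, non-reentrant variant: keeps a pointer into
 * libc's static buffer across the window in which the other thread runs. */
int lib_year_unsafe(time_t when, time_t other)
{
    struct tm *tm = gmtime(&when);       /* points at shared static storage */
    if (!tm || interleave(other) != 0)
        return -1;
    return tm->tm_year + 1900;           /* reads whatever was written last */
}

/* Same helper with the reentrant variant: the result is in caller storage. */
int lib_year_safe(time_t when, time_t other)
{
    struct tm tm;
    if (!gmtime_r(&when, &tm) || interleave(other) != 0)
        return -1;
    return tm.tm_year + 1900;
}

int main(void)
{   /* constructed inputs: 1691756400 is in 2023, 1000000000 is in 2001 */
    printf("unsafe: %d\n", lib_year_unsafe(1691756400, 1000000000));
    printf("safe:   %d\n", lib_year_safe(1691756400, 1000000000));
    return 0;
}
```

On glibc, where gmtime() uses one process-wide static buffer, the unsafe variant reports the other thread's year even though the library itself is called from a single thread.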