Phil Sutter <phil@xxxxxx> wrote:
> On Thu, Sep 28, 2023 at 10:07:51PM +0200, Florian Westphal wrote:
> > I don't really like it though because misbehaving userspace
> > can lock out writers.
>
> Make them inactive and free only after the dump is done? IIUC,
> nft_active_genmask() will return true again though after the second
> update, right?

Yes, however, in case of update and 'reset dump', we'll set
the NLM_F_DUMP_INTR flag, so userspace would restart the dump.

AFAIU, this means the original values of 'already-reset' counters
are lost given nft will restart the 'reset dump'.

Alternative is to make nft not restart if reset-dump was requested,
but in that case the dump can be incomplete.
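
The trade-off described in this message, as an added toy model that is not code from the thread, the kernel or nft. `Ruleset`, `reset_dump`, the batch size and the skip-index cursor are assumptions made for illustration, and the generation comparison stands in for NLM_F_DUMP_INTR.

```python
# Toy model (constructed): a 'reset dump' racing with one ruleset update.
SAMPLE = [("a", 10), ("b", 20), ("c", 30), ("d", 40)]  # constructed counters

class Ruleset:
    def __init__(self, counters):
        self.objs = [[name, pkts] for name, pkts in counters]  # ordered list
        self.gen = 0                        # bumped by every committed update

    def delete(self, name):                 # a writer committing an update
        self.objs = [o for o in self.objs if o[0] != name]
        self.gen += 1

def reset_dump(rs, restart_on_intr, writer=None, batch=2):
    """Dump and zero counters in batches; return what userspace ends up with."""
    while True:
        seen, idx, start_gen = {}, 0, rs.gen
        while idx < len(rs.objs):
            for obj in rs.objs[idx:idx + batch]:
                seen[obj[0]] = obj[1]
                obj[1] = 0                  # the 'reset' half of the request
            idx += batch                    # cursor is a plain skip count
            if writer:                      # update lands between two batches
                writer(rs)
                writer = None
        interrupted = rs.gen != start_gen   # stand-in for NLM_F_DUMP_INTR
        if interrupted and restart_on_intr:
            continue                        # userspace discards `seen`, retries
        return seen

def demo():
    drop_a = lambda rs: rs.delete("a")
    restarted = reset_dump(Ruleset(SAMPLE), True, drop_a)
    single_pass = reset_dump(Ruleset(SAMPLE), False, drop_a)
    return restarted, single_pass

if __name__ == "__main__":
    restarted, single_pass = demo()
    print("restart on interrupt:", restarted)    # pre-reset values are gone
    print("no restart:          ", single_pass)  # 'c' was never dumped
```

With a restart, the second pass reports zero for the counters the first pass already reset; without it, the entry skipped by the shifted cursor never reaches userspace.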