On Wed, Dec 06, 2023 at 07:47:44AM +0100, Thomas Haller wrote: > On Tue, 2023-12-05 at 20:29 +0100, Florian Westphal wrote: > > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > feature probe script leave a ruleset in place, flush it once > > > probing is > > > complete. > > > > Perhaps change feature_probe() to always use 'unshare -n'? > > feature_probe already uses unshare, unless the caller opts out of it. I am opting out with -I as the patch title specifies. > Maybe don't do that. > > > Some scripts also create netdevices. > > Some tests also create netdevices and may not clean them up properly. > It's even desirable that tests don't clean them up, because it removes > boilerplate from tests. But more importantly: not deleting those > devices leaves a certain state after the test, that can be checked by > `.nft`/`.json-nft` dumps. I see, those were not a problem for me when running -U so far. > The mode without unshare exists for historic reasons, as unshare was > added initially. At this point, what is the use of supporting or using > that? This provides an easy way for me to test 'nft monitor'. I can keep it out of tree if you prefer -U remains broken.
