On Tue, Jul 23, 2024 at 05:09:12PM +0200, Phil Sutter wrote:
[...]
> I don't like the commit because it breaks with the assumption that
> kernel genid matching cache genid means cache is up to date. It may
> indeed be, but I think it's thin ice and caching code is pretty complex
> as-is. :/

Right.

It is possible to retrieve the generation ID from the batch via
NLM_F_ECHO and the NFT_MSG_GETGEN to answer the question: "Was it myself
that has updated the ruleset last time?".

And this needs a lot more tests for -i/--interactive which is a similar
path to what daemons will exercise to ensure cache consistency.