Re: [PATCH nf-next v4 0/5] netfilter: nf_tables: reduce set element transaction size

Hi Florian,

This series looks good to me.

Regarding 3/5, I don't see any fix or anything silly in this.

>nftables audit log format unfortunately leaks an implementation detail, the
>transaction log size, to userspace:
>
>    table=t1 family=2 entries=4 op=nft_register_set
>                      ~~~~~~~~~
>
>This 'entries' key is the number of transactions that will be applied.

To my understanding, entries= is the number of entries that are either
added or updated in this transaction.

Before this patch, there was a 1:1 mapping between transactions and
elements; now this is not the case anymore.

If entries= exposes only the number of transactions, then this becomes
useless to userspace?

In iptables, it shows the number of entries in the table after the
update.



