Hi Florian,

This series looks good to me.

Regarding 3/5, I don't see any fix or anything silly in this.

>nftables audit log format unfortunately leaks an implementation detail, the
>transaction log size, to userspace:
>
>   table=t1 family=2 entries=4 op=nft_register_set
>                     ~~~~~~~~~
>
>This 'entries' key is the number of transactions that will be applied.

To my understanding, entries= is the number of entries that are either
added or updated in this transaction. Before this patch, there was a 1:1
mapping between transaction and elements, now this is not the case
anymore.

If entries= exposes only the number of transactions, then this becomes
useless to userspace?

In iptables, it shows the number of entries in the table after the
update.