Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> >nftables audit log format unfortunately leaks an implementation detail, the
> >transaction log size, to userspace:
> >
> > table=t1 family=2 entries=4 op=nft_register_set
> >                     ~~~~~~~~~
> >
> >This 'entries' key is the number of transactions that will be applied.
>
> To my understanding, entries= is the number of entries that are either
> added or updated in this transaction.
>
> Before this patch, there was a 1:1 mapping between transaction and
> elements, now this is not the case anymore.
>
> If entries= exposes only the number of transactions, then this becomes
> useless to userspace?

Hmm, I would need to know what this is supposed to be.

It's not going to be the same in either case: iptables-legacy -A ... vs
iptables-nft -A won't result in the same entries due to the whole-table-replace
paradigm, and the introduction of the "update" mechanism also changes the
entries count.

I think it's fine now, but please feel free to rewrite the commit message
if you think it's needed.
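The record format under discussion, parsed and aggregated, as an added example that is not part of the thread and not code from the netfilter project. The record body "table=... family=... entries=... op=..." is the one quoted above; the "type=NETFILTER_CFG msg=audit(...)" prefix, the sample lines and the grouping logic are constructed here for illustration, and the family number to name mapping assumes the nfproto constants from linux/netfilter.h. The point it makes concrete is the one the thread raises: entries= is a count of transaction-log entries for a (table, op) pair, so a consumer should treat it as such and not as a rule count.

```python
"""Parse nftables NETFILTER_CFG audit records and sum entries= per (family, table, op).

Added example, not netfilter project code. The "type=NETFILTER_CFG msg=audit(...)"
prefix and the SAMPLE_RECORDS below are constructed for illustration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# nfproto family numbers (assumed from linux/netfilter.h); the thread's example uses 2.
NFPROTO_NAMES = {
    0: "unspec", 1: "inet", 2: "ipv4", 3: "arp", 5: "netdev", 7: "bridge", 10: "ipv6",
}

# Record body exactly as quoted in the thread: table=t1 family=2 entries=4 op=nft_register_set
_BODY_RE = re.compile(
    r"table=(?P<table>\S+) family=(?P<family>\d+) entries=(?P<entries>\d+) op=(?P<op>\S+)"
)
# Optional auditd prefix (assumed shape, not taken from the thread).
_PREFIX_RE = re.compile(r"^type=NETFILTER_CFG msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): ")

# Constructed sample: one commit touching table t1, plus an unrelated SYSCALL record.
SAMPLE_RECORDS = [
    "type=NETFILTER_CFG msg=audit(1700000000.100:500): table=t1 family=2 entries=4 op=nft_register_set",
    "type=NETFILTER_CFG msg=audit(1700000000.100:501): table=t1 family=2 entries=2 op=nft_register_chain",
    "type=NETFILTER_CFG msg=audit(1700000000.200:502): table=t1 family=2 entries=3 op=nft_register_set",
    "type=SYSCALL msg=audit(1700000000.200:503): arch=c000003e syscall=46 success=yes",
]


def parse_record(line: str) -> Optional[dict]:
    """Parse one audit line; return None if it is not an nftables NETFILTER_CFG record."""
    line = line.strip()
    ts = serial = None
    m = _PREFIX_RE.match(line)
    if m:
        ts, serial = m.group("ts"), int(m.group("serial"))
        line = line[m.end():]
    m = _BODY_RE.match(line)
    if not m:
        return None
    family = int(m.group("family"))
    return {
        "ts": ts,
        "serial": serial,
        "table": m.group("table"),
        "family": family,
        "family_name": NFPROTO_NAMES.get(family, f"nfproto{family}"),
        # Number of transaction-log entries for this (table, op), per the thread;
        # not a count of rules, and it differs between iptables-legacy and iptables-nft.
        "entries": int(m.group("entries")),
        "op": m.group("op"),
    }


def summarize(lines: List[str]) -> Dict[Tuple[str, str, str], int]:
    """Sum entries= per (family_name, table, op) across a batch of audit lines."""
    totals: Dict[Tuple[str, str, str], int] = defaultdict(int)
    for ln in lines:
        rec = parse_record(ln)
        if rec is None:
            continue
        totals[(rec["family_name"], rec["table"], rec["op"])] += rec["entries"]
    return dict(totals)


if __name__ == "__main__":
    for key, total in sorted(summarize(SAMPLE_RECORDS).items()):
        print(f"{key[0]} table={key[1]} op={key[2]} entries={total}")
```

Records that do not carry the NETFILTER_CFG body (the SYSCALL line in the sample) are skipped rather than raising, so the summary can be run over a raw audit.log stream.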