Hi! Probably the best way to fix for the segfaults caused by Florian's cache rebuild logic in iptables-nft is to introduce reference counts so we don't have to care about whether a given object is present only in cache or also in a batch job.
Unlike nftables, iptables-nft code uses libnftnl data structures instead of its own ones. I wonder if it is OK to add refcounts to libnftnl types instead of implementing wrapper structures for everything in iptables-nft. What do you think? Cheers, Phil
