Phil Sutter wrote:
> In order to improve performance in 'nft -f' as well as xtables-restore
> with very large rulesets, we need to store rules by chain they belong
> to. In order to avoid pointless code duplication, this should be
> supported by libnftnl.
Unfortunately we still need to change
Phil Sutter wrote:
> Relevant code for this was already present (short option '-c'), just the
> long option definition was missing.
Applied, thanks.
Relevant code for this was already present (short option '-c'), just the
long option definition was missing.
While being at it, add '-c' to help text.
Signed-off-by: Phil Sutter
---
iptables/xtables-arp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
masquerade modules register notifier and that should not be
double-registered. so that these modules manage reference counter.
If already notifiers are registered, it just return success.
But there is unsafe scenario.
test commands:
while :
do
modprobe ip6t_MASQUERADE &
This patch series fix notifier registration bugs.
First patch adds error handling code for failure of notifier registration.
notifier registration can be failed. so that error handling code are needed.
Second patch fixes double-register bug in masqerade modules.
In order to protect
register_{netdevice/inetaddr/inet6addr}_notifier returns value that
could be error value. so that error handling code are needed.
Signed-off-by: Taehee Yoo
---
v2:
- Add second patch
- return success when notifier is already registered. (Florian Westphal)
v1: Initial patch