Alexis PIRES
Look at my test function, I send 1 table, 1 chain and 2 rules in a single transaction
I understand your concern. The same problem appeared in the nft tool and the same assumptions were made, which makes them acceptable to me. Look at this commit: http://git.netfilter.org/nftables/commit/?id=bb32d8db9a125d9676f87866e48ffbf0221ec16a >...
Today there are only two ways to delete or replace a rule with this library: - Using UserData and put a custom userland id (not standard), then fetch all rules and...
@stapelberg @sbezverk I'm trying to improve my loop control and I'm not sure about the best way to accomplish it. By using strace I see that nftables does a select...
I made a proto with select, what do you think? **conn_linux.go** (from github.com/mdlayher/netlink) ```go func (c *conn) Select() (int, error) { var fdSet unix.FdSet fdSet.Zero() fdSet.Set(c.s.FD()) n, err := unix.Select(c.s.FD()+1,...
I just added a more robust test suite (4096 rules added in // by 16 workers) with asserts which rely on UserData to check Handle value.
Cleaner version below, but both work and are reliable. ```diff diff --git a/conn.go b/conn.go index 6a552d8..34cf0b9 100644 --- a/conn.go +++ b/conn.go @@ -17,7 +17,6 @@ package nftables import ( "fmt"...
> @alexispires could you please demonstrate that with this approach you can create rules with a reference to an anonymous set. The reason for this request is the fact that creation...
@sbezverk OK, no problem, I'll come back to you
It looks good: ```bash Before flush rule Handle is 0 After flush rule Handle is 3 table ip filter { chain nfpoc { type filter hook postrouting priority 0; policy...