Re: [nft PATCH] table: Embed creating nft version into userdata

Hi Phil,

I know this is applied, but one late question.

On Wed, Aug 13, 2025 at 07:07:19PM +0200, Phil Sutter wrote:
> @@ -806,6 +815,29 @@ static int table_parse_udata_cb(const struct nftnl_udata *attr, void *data)
>  	return 0;
>  }
>  
> +static int version_cmp(const struct nftnl_udata **ud)
> +{
> +	const char *udbuf;
> +	size_t i;
> +
> +	/* netlink attribute lengths checked by table_parse_udata_cb() */
> +	if (ud[NFTNL_UDATA_TABLE_NFTVER]) {
> +		udbuf = nftnl_udata_get(ud[NFTNL_UDATA_TABLE_NFTVER]);
> +		for (i = 0; i < sizeof(nftversion); i++) {
> +			if (nftversion[i] != udbuf[i])
> +				return nftversion[i] - udbuf[i];
> +		}
> +	}
> +	if (ud[NFTNL_UDATA_TABLE_NFTBLD]) {
> +		udbuf = nftnl_udata_get(ud[NFTNL_UDATA_TABLE_NFTBLD]);
> +		for (i = 0; i < sizeof(nftbuildstamp); i++) {
> +			if (nftbuildstamp[i] != udbuf[i])
> +				return nftbuildstamp[i] - udbuf[i];
> +		}
> +	}
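
Review bot: In both loops of version_cmp(), udbuf is a const char *, so the result of `nftversion[i] - udbuf[i]` depends on whether char is signed on the target once a byte exceeds 0x7f, which a build stamp byte can. Comparing through unsigned char, or using memcmp() over sizeof(nftversion) and sizeof(nftbuildstamp), would give the same ordering on every platform. The function also lacks a comment saying when the second block runs: as written, the nftbuildstamp loop is reached when all version bytes compare equal or when NFTNL_UDATA_TABLE_NFTVER is absent, and in the latter case the build stamp alone decides the result. A short comment above the function stating the intended precedence would help, since the only existing comment covers attribute lengths and points to table_parse_udata_cb() for the check.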

One situation I was considering:

1.0.6.y (build today) in the host
1.1.5 (build n days ago) in the container

This will display the warning.

I suggested to use build time only when version is the same?

If the scenario is nftables in the host injects tables into container,
then host binary will likely be updated more often.

IIUC, the build time here will actually determine when the warning is
emitted, regardless of the version.
