search for: nf_table_check_loop

...low with some configurations. The attached test-case takes 5 seconds to validate on my test machine, during which time the CPU is locked up and the machine is unresponsive. Worse configurations are trivial to implement, locking the machine up for many minutes at a time. I'm not sure why, but nf_table_check_loops() seems comparatively fast. As far as I can see it walks over the ruleset in the same way as nft_table_validate() (although it doesn't always start from the root chains, so doesn't always check the whole ruleset). There are more efficient algorithms for checking for loops, and adding som...