[Bug 1680] Trying to delete offloaded flow with conntrack results in EBUSY
bugzilla-daemon at netfilter.org
Thu May 18 12:56:00 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1680
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
There is a kernel patch to allow for this, starting 6.3

commit 9b7c68b3911aef84afa4cbfc31bce20f10570d51
Author: Paul Blakey <paulb at nvidia.com>
Date:   Wed Mar 22 09:35:32 2023 +0200

    netfilter: ctnetlink: Support offloaded conntrack entry deletion

    Currently, offloaded conntrack entries (flows) can only be deleted
    after they are removed from offload, which is either by timeout,
    tcp state change or tc ct rule deletion. This can cause issues for
    users wishing to manually delete or flush existing entries.

    Support deletion of offloaded conntrack entries.

    Example usage:
        # Delete all offloaded (and non offloaded) conntrack entries
        # whose source address is 1.2.3.4
        $ conntrack -D -s 1.2.3.4
        # Delete all entries
        $ conntrack -F

It should be possible to cherry-pick it to earlier kernel versions.