[Bug 1680] Trying to delete offloaded flow with conntrack results in EBUSY
bugzilla-daemon at netfilter.org
Fri May 19 01:31:11 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1680
--- Comment #3 from Demi M. Obenour <demiobenour at gmail.com> ---
(In reply to Pablo Neira Ayuso from comment #1)
> There is a kernel patch to allow for this, starting 6.3
>
> commit 9b7c68b3911aef84afa4cbfc31bce20f10570d51
> Author: Paul Blakey <paulb at nvidia.com>
> Date: Wed Mar 22 09:35:32 2023 +0200
>
> netfilter: ctnetlink: Support offloaded conntrack entry deletion
>
> Currently, offloaded conntrack entries (flows) can only be deleted
> after they are removed from offload, which is either by timeout,
> tcp state change or tc ct rule deletion. This can cause issues for
> users wishing to manually delete or flush existing entries.
>
> Support deletion of offloaded conntrack entries.
>
> Example usage:
> # Delete all offloaded (and non offloaded) conntrack entries
> # whose source address is 1.2.3.4
> $ conntrack -D -s 1.2.3.4
> # Delete all entries
> $ conntrack -F
>
> It should be possible to cherry-pick it to earlier kernel versions.
Should this patch be backported to stable releases?