Hi, On Sun, Oct 23, 2022 at 07:16:58PM +0200, Michael Lilja wrote: > When a flow is added to a flow table for offload SW/HW-offload > the user has no means of controlling the flow once it has > been offloaded. If a number of firewall rules has been made using > time schedules then these rules doesn't apply for the already > offloaded flows. Adding new firewall rules also doesn't affect > already offloaded flows. > > This patch handle flow table retirement giving the user the option > to at least periodically get the flow back into control of the > firewall rules so already offloaded flows can be dropped or be > pushed back to flow offload tables. > > The flow retirement is disabled by default and can be set in seconds > using sysctl -w net.netfilter.nf_flowtable_retire How does your ruleset look like? Could you detail your usecase? Thanks.
