Hi,
I will look to use the flowable netlink interface. I have not yet, but does this possible give the option of doing something like this:
flowtable ft {
hook ingress priority filter
devices = { lan1, lan2, wan }
flags offload, timeout
}
I would say the above it the most flexible, I just didn’t explore that, it would kinda be like with ’sets’ where you can specify a timeout on when the entries should expire?
With regards to the IPS_OPPLOAD clear in flow_offload_del() then I added that because I saw some weird timeout side effects due to flow_offload_fixup_ct(), but I can re-investigate, it could be that it was early in my investigations and some of the other changes I made has made it obsolete.
Thanks
Michael
