On Mon, May 06, 2019 at 12:38:03AM +0200, Pablo Neira Ayuso wrote:
> On Tue, Apr 30, 2019 at 10:56:14PM +0900, Taehee Yoo wrote:
> > flow offload of CT can be deleted by the masquerade module. then,
> > flow offload should be deleted too. but GC and data-path of flow offload
> > do not check CT's status. hence they will be removed only by the timeout.
> >
> > GC and data-path routine will check ct->status.
> > If IPS_DYING_BIT is set, GC will delete CT and data-path routine
> > do not use it.
>
> Applied, thanks.

For the record, I have edited the patch title to:

"netfilter: nf_flow_table: do not flow offload deleted conntrack entries"