From: wenxu <wenxu@xxxxxxxxx>
create a flowtable:
nft add table firewall
nft add flowtable firewall fb1 { hook ingress priority 2 \; devices = { tun1,
mlx_pf0vf0 } \; }
nft add chain firewall ftb-all {type filter hook forward priority 0 \; policy
accept \; }
nft add rule firewall ftb-all ct zone 1 ip protocol tcp flow offload @fb1
nft add rule firewall ftb-all ct zone 1 ip protocol udp flow offload @fb1
delete the related rule:
nft delete chain firewall ftb-all
The flowtable can be deleted
nft delete flowtable firewall fb1
But failed with: Device is busy
The nf_flowtable->use is not zero and overflow for unnecessary use counter
decrease..
Signed-off-by: wenxu <wenxu@xxxxxxxxx>
---
net/netfilter/nft_flow_offload.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index dd82ff2..b70b489 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -200,9 +200,6 @@ static void nft_flow_offload_activate(const struct nft_ctx *ctx,
static void nft_flow_offload_destroy(const struct nft_ctx *ctx,
const struct nft_expr *expr)
{
- struct nft_flow_offload *priv = nft_expr_priv(expr);
-
- priv->flowtable->use--;
nf_ct_netns_put(ctx->net, ctx->family);
}
--
1.8.3.1
