On Fri, Dec 17, 2021 at 7:04 PM Florian Westphal <fw@xxxxxxxxx> wrote:
> Sure. But the patch is for the kernel.
> I already mentioned that this doesn't handle anything for non-nat case.
>
> > > > Maybe 'conntrack -L unconfirmed' or 'conntrack -L dying' show something?
>
> Still stands.
>
> Also, is there really a discrepancy? Please show output of
>
> conntrack -C
> conntrack -L | wc -l
> conntrack -C
>
> "conntrack -L" reclaims dead/timed-out entries, conntrack -C currently
> does not.

Of course... It is an order of magnitude difference:

# conntrack -L unconfirmed
conntrack v1.4.4 (conntrack-tools): 0 flow entries have been shown.
# conntrack -L dying
conntrack v1.4.4 (conntrack-tools): 0 flow entries have been shown.
# conntrack -C
88064
# conntrack -L | wc -l
conntrack v1.4.4 (conntrack-tools): 7641 flow entries have been shown.
7641
# conntrack -C
87706
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
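The three-command check Florian asks for (counter, listing, counter again) is easy to misread by hand, because `conntrack -L` writes the entries to stdout and the "N flow entries have been shown." summary to stderr, so `conntrack -L | wc -l` counts only the stdout lines. The script below is an added example, not code from the thread or from conntrack-tools: it parses the summary line, compares the counter against the listed entries, and flags a counter that is inflated beyond 10% of the listed entries (the threshold is an assumption chosen for illustration). The top-level call uses the figures quoted in the message as constructed sample input; the `live_check` function is the same comparison against a running kernel and is not executed by default, since it needs root and conntrack-tools.

```shell
#!/bin/sh
# Added example (not part of the thread): compare the conntrack table size
# reported by 'conntrack -C' with the number of entries 'conntrack -L' lists.

# Extract the entry count from a conntrack summary line such as
#   conntrack v1.4.4 (conntrack-tools): 7641 flow entries have been shown.
# Prints the number, or nothing if the line does not match.
count_from_summary() {
    printf '%s\n' "$1" | sed -n 's/^.*: \([0-9][0-9]*\) flow entries have been shown\.$/\1/p'
}

# Compare the counter with the listed entries.
# Args: counter-before  listed-entries  counter-after
# Returns 0 when the counter is within 10% of the listed entries (assumed
# tolerance), 1 when it is inflated, 2 when nothing could be compared.
compare_counts() {
    before=$1; listed=$2; after=$3
    if [ -z "$listed" ] || [ "$listed" -eq 0 ]; then
        echo "no entries listed; cannot compare"
        return 2
    fi
    # integer ratio scaled by 10, to avoid floating point in POSIX sh
    ratio10=$(( before * 10 / listed ))
    echo "counter before listing: $before"
    echo "entries listed:         $listed"
    echo "counter after listing:  $after"
    echo "counter/listed ratio:   $((ratio10 / 10)).$((ratio10 % 10))"
    if [ "$before" -gt $(( listed + listed / 10 )) ]; then
        echo "counter is inflated relative to the listed entries"
        return 1
    fi
    echo "counter and listed entries agree"
    return 0
}

# Live run against the kernel (needs root and conntrack-tools); not called
# by default. The summary line is on stderr, so stderr is captured and the
# entry lines on stdout are discarded.
live_check() {
    c_before=$(conntrack -C)
    summary=$(conntrack -L 2>&1 >/dev/null)
    listed=$(count_from_summary "$summary")
    c_after=$(conntrack -C)
    compare_counts "$c_before" "$listed" "$c_after"
}

# Constructed sample input: the figures quoted in the message above.
sample_summary='conntrack v1.4.4 (conntrack-tools): 7641 flow entries have been shown.'
compare_counts 88064 "$(count_from_summary "$sample_summary")" 87706 \
    || echo "discrepancy detected (exit status $?)"
```

Run as root with `live_check` appended (or sourced and called) to repeat the check on a real host; the sample run reproduces the 11.5x gap seen in the message and exits with status 1.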