Sven Auhagen <sven.auhagen@xxxxxxxxxxxx> wrote:
> I tested your patch but that leads to other problems.
How can this work then for UDP, which has no fin/rst bits?
Maybe this is needed? But I really do not understand any of this.
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index a0571339239c..aed4994c1b6f 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -423,6 +423,7 @@ static void nf_flow_offload_gc_step(struct nf_flowtable *flow_table,
{
if (nf_flow_has_expired(flow) ||
nf_ct_is_dying(flow->ct) ||
+ !nf_conntrack_tcp_established(ct) ||
nf_flow_custom_gc(flow_table, flow))
flow_offload_teardown(flow);
