On Mon, Aug 21, 2023 at 03:44:54PM +0800, Tony He wrote: > Hi, > > I am using Openwrt. The version is: > root@OpenWrt:/# cat /etc/openwrt_release > DISTRIB_ID='OpenWrt' > DISTRIB_RELEASE='23.05.0-rc2' > DISTRIB_REVISION='r23228-cd17d8df2a' > DISTRIB_TARGET='ipq806x/generic' > DISTRIB_ARCH='arm_cortex-a15_neon-vfpv4' > DISTRIB_DESCRIPTION='OpenWrt 23.05.0-rc2 r23228-cd17d8df2a' > DISTRIB_TAINTS='' > > And kernel is: > root@OpenWrt:/# uname -a > Linux OpenWrt 5.15.118 #0 SMP Mon Jun 26 11:20:39 2023 armv7l GNU/Linux > > > Seems that I can not use command " conntrack -U -p tcp -m 1" to change the mark. > root@OpenWrt:/# conntrack -L -p tcp |grep mark=0 |wc -l > conntrack v1.4.7 (conntrack-tools): 302 flow entries have been shown. > 302 > root@OpenWrt:/# conntrack -U -p tcp -m 1 > Operation failed: Not supported > conntrack v1.4.7 (conntrack-tools): Operation failed: Not supported Please, try this patch: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230821101751.4083-1-pablo@xxxxxxxxxxxxx/ > I need to add option "-f ipv4", but not all entries can be updated > successfully. "Protocol error" is reported. EPROTO means netlink sequence numbers are not fine, which might refer to another userspace bug. I made another patch, error handling was not robust in the -U case (no exit_error was used, instead printf). Also try this patch on of the previous patch. https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230821102739.4893-1-pablo@xxxxxxxxxxxxx/ Thanks for reporting.
