Hi,

I noticed the selective conntrack flushing in fw3; looking into the code it only gets active when there's a difference between the cached IP in the __addr list and the current IP addresses in use. In this case the selective conntrack flushing is done for the old_addr.

In the error case nf_conntrack displays the following entry:

    ipv4 2 icmp 1 9 src=192.168.1.10 dst=192.30.252.131 type=8 code=0 id=8323 packets=6 bytes=504 [UNREPLIED] src=192.30.252.131 dst=192.168.1.10 type=0 code=0 id2

Looking into the netfilter_conntrack_flush patch only the connections will be flushed which match the passed address; as fw3 is passing an old cached address when there's a difference the above printed icmp connection will not be flushed as there's no match or is my assumption wrong?

Thx,
Hans

On Wed, Feb 11, 2015 at 8:30 PM, Jo-Philipp Wich <j...@openwrt.org> wrote:
> Hi,
>
> theoretically the selective conntrack flushing of fw3 should take care
> of that. Can you investigate why it is not the case for you?
>
> ~ Jow
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
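
The address matching discussed in the message above, as an added example that is not part of the original mail, of fw3, or of the kernel patch: it parses the quoted nf_conntrack entry and checks whether a flush for a given address would hit it. The match rule (address equals src or dst in either direction) and the old address 203.0.113.5 are assumptions; the thread states neither.

```python
import ipaddress

# Entry exactly as quoted in the message above (cut off there after "id2").
ENTRY = (
    "ipv4 2 icmp 1 9 src=192.168.1.10 dst=192.30.252.131 type=8 code=0 "
    "id=8323 packets=6 bytes=504 [UNREPLIED] src=192.30.252.131 "
    "dst=192.168.1.10 type=0 code=0 id2"
)
# Constructed placeholder for the cached old address (documentation range);
# the real value is not given in the thread.
OLD_ADDR = "203.0.113.5"


def parse_entry(line):
    """Split one nf_conntrack line into original/reply tuples and flags."""
    tuples, flags, idx = [{}, {}], [], 0
    for tok in line.split():
        if tok.startswith("[") and tok.endswith("]"):
            flags.append(tok[1:-1])
            continue
        key, sep, val = tok.partition("=")
        if not sep:
            continue  # positional fields and cut-off tokens such as "id2"
        if key == "src" and "src" in tuples[idx]:
            idx = min(idx + 1, 1)  # a second src= starts the reply tuple
        tuples[idx][key] = val
    return {"orig": tuples[0], "reply": tuples[1], "flags": flags}


def entry_addresses(entry):
    """All src/dst addresses of both directions of a parsed entry."""
    return {
        ipaddress.ip_address(t[k])
        for t in (entry["orig"], entry["reply"])
        for k in ("src", "dst") if k in t
    }


def would_flush(line, addr):
    """Assumed rule: flush when addr is src or dst in either direction."""
    return ipaddress.ip_address(addr) in entry_addresses(parse_entry(line))


def survivors(lines, addr):
    """Entries a flush for addr would leave in the table."""
    return [l for l in lines if not would_flush(l, addr)]


if __name__ == "__main__":
    print("flushed for old address:", would_flush(ENTRY, OLD_ADDR))
```

Feeding `survivors()` the lines of /proc/net/nf_conntrack together with the address actually passed to the flush lists the entries that remain afterwards.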