On Mon, Oct 17, 2022 at 6:50 PM Paolo Valerio wrote:
> Hello Ales,
>
Hi Paolo,
thank you for the feedback.
>
> overall the approach is ok, the only concern is that, unless I'm missing
> something, in case of many connections, the exact match deletion could
> potentially take a while, whereas
Hello Ales,
overall the approach is ok, the only concern is that, unless I'm missing
something, in case of many connections, the exact match deletion could
potentially take a while, whereas in the previous case the cost
was basically a lookup (constant time) and of course the remaining
deletion
Curreently in order to flush conntrack you would need to
specify full 5-tuple. Add support for partial match
it still has some limitations however it is capable of flushing
all that match specified field e.g. source ip address.
Reported-at: https://bugzilla.redhat.com/2120546
Signed-off-by: Ales
