Hi,

I will look to use the flowable netlink interface. I have not yet, but does this possible give the option of doing something like this:

flowtable ft {
	hook ingress priority filter
	devices = { lan1, lan2, wan }
	flags offload, timeout
}


I would say the above it the most flexible, I just didn’t explore that, it would kinda be like with ’sets’ where you can specify a timeout on when the entries should expire?


With regards to the IPS_OPPLOAD clear in flow_offload_del() then I added that because I saw some weird timeout side effects due to flow_offload_fixup_ct(), but I can re-investigate, it could be that it was early in my investigations and some of the other changes I made has made it obsolete.

Thanks
Michael