On 14/05/2020 14:48, Paul Blakey wrote: > To avoid conflicting policies, the policy is applied per zone on the first > act ct instance for that zone, and must be repeated in all further act ct > instances of the same zone. Is the scope of this the entire zone, or just offload of that zone to a specific device? Either way, the need to repeat the policy on every tc command suggests that there really ought to instead be a separate API for configuring conntrack offload policy, either per zone or per (zone, device) pair, as appropriate.
-ed
