From: Florian Westphal <fw@strlen.de>
To: Antonio Ojea <aojea@google.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Eric Dumazet <edumazet@google.com>,
netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] selftests: nft_queue: conntrack expiration requeue
Date: Tue, 21 Oct 2025 14:18:18 +0200 [thread overview]
Message-ID: <aPd6Ch7h6wdJa-eE@strlen.de> (raw)
In-Reply-To: <CAAdXToRzRoCX4Cvwifq9Yr7U663o4YLCh1VC=_yhAYqAUZsvUA@mail.gmail.com>
Antonio Ojea <aojea@google.com> wrote:
> > Does it start to work for new flows when you add a rule like
> > 'ct label foo'?
>
> It does work, but it still shows the error
>
> conntrack -U -d 10.244.2.2 --label-add test
> tcp 6 86382 ESTABLISHED src=10.244.1.8 dst=10.244.2.2 sport=39133
> dport=8080 src=10.244.2.2 dst=10.244.1.8 sport=8080 dport=39133
> [ASSURED] mark=0 use=2 labels=test,net
> conntrack v1.4.8 (conntrack-tools): Operation failed: No space left on device
Looks like one needs to set a label somewhere, no need for it to match.
chain never { ct label set foo }
makes this work for me.
We could change this so that *checking* a label also turns on the
extension infra.
Back then i did not want to allocate the extra space for
the extensions and i did not want to add to a new sysctl either.
So I went with 'no rules that adds one, no need for ct label
extension space allocation'.
next prev parent reply other threads:[~2025-10-21 12:18 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-20 20:08 [PATCH] selftests: nft_queue: conntrack expiration requeue Antonio Ojea
2025-10-20 20:55 ` Florian Westphal
2025-10-20 21:23 ` Antonio Ojea
2025-10-20 22:08 ` Florian Westphal
2025-10-21 10:40 ` Antonio Ojea
2025-10-21 10:45 ` Florian Westphal
2025-10-21 12:05 ` Antonio Ojea
2025-10-21 12:18 ` Florian Westphal [this message]
2025-10-21 21:57 ` Antonio Ojea
2025-10-22 11:26 ` Florian Westphal
2025-10-22 14:15 ` Antonio Ojea
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPd6Ch7h6wdJa-eE@strlen.de \
--to=fw@strlen.de \
--cc=aojea@google.com \
--cc=edumazet@google.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.