Don't log conntrack non-failure

psiphon/common/tun/tun.go

@@ -170,7 +170,7 @@ type ServerConfig struct {
 	// logged as warnings only. This option is intended to support
 	// test cases on hosts without IPv6 and is not for production use;
 	// the packet tunnel server will still accept IPv6 packets and
-	// replay them to the tun device.
+	// relay them to the tun device.
 	// AllowNoIPv6NetworkConfiguration may not be supported on all
 	// platforms.
 	AllowNoIPv6NetworkConfiguration bool

psiphon/common/tun/tun_linux.go

@@ -190,6 +190,13 @@ func resetNATTables(
 		"--orig-src",
 		IPAddress.String())
 	if err != nil {
+
+		// conntrack exits with this error message when there are no flows
+		// to delete, which is not a failure condition.
+		if strings.Contains(err.Error(), "0 flow entries have been deleted") {
+			return nil
+		}
+
 		return common.ContextError(err)
 	}