Jan Engelhardt wrote:
A forum made me (re)aware of

Mar 15 18:20:25 wild-thing kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Mar 15 18:20:25 wild-thing kernel: CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Plase use
Mar 15 18:20:25 wild-thing kernel: nf_conntrack.acct=1 kernel paramater, acct=1 nf_conntrack module option or
Mar 15 18:20:25 wild-thing kernel: sysctl net.netfilter.nf_conntrack_acct=1 to enable it.

which prompted me to look into this in a bit of detail. I was wondering which functionality I would lose on not setting nf_conntrack.acct. To my surprise, there is no loss of functionality, as neither the "nf_ct_acct" in nf_conntrack_acct.c nor /proc/sys/net/netfilter/nf_conntrack_acct, which is the accompanying sysctl file, causes the packet or byte counters to disappear from `conntrack -L` or /proc/net/nf_conntrack.

Should the message be removed? Should the missing check for nf_ct_acct be included?

Currently the default is set based on the old config option. When unset, no acct-extend is allocated for *new* conntracks. The old ones that do have an acct-extend are still displayed. Does that explain your observation?
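
An added example, not part of the thread or of the kernel sources: a small parser for /proc/net/nf_conntrack lines that separates entries carrying packets=/bytes= counters from entries created without an acct-extend, which is how the behaviour described in the reply shows up in practice. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/net/nf_conntrack format (not taken from the thread).
# The TCP flow was created while accounting was enabled; the UDP flow was
# created after it was switched off, so it has no packets=/bytes= fields.
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40000 dport=22 packets=120 bytes=9800 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=40000 packets=95 bytes=14200 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=53123 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=53123 mark=0 use=2
"""

# One match per direction (original first, then reply) when counters exist.
COUNTERS = re.compile(r"\bpackets=(\d+) bytes=(\d+)")


def parse_entry(line):
    """Return the L4 protocol and per-direction (packets, bytes) tuples.

    'acct' is an empty list when the entry carries no accounting data.
    """
    fields = line.split()
    acct = [(int(p), int(b)) for p, b in COUNTERS.findall(line)]
    return {"proto": fields[2], "acct": acct}


def summarize(text):
    """Count entries with and without counters and total the accounted bytes."""
    result = {"with_acct": 0, "without_acct": 0, "bytes": 0}
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry["acct"]:
            result["with_acct"] += 1
            result["bytes"] += sum(b for _, b in entry["acct"])
        else:
            result["without_acct"] += 1
    return result


if __name__ == "__main__":
    # On a live system, replace SAMPLE with the contents of /proc/net/nf_conntrack.
    print(summarize(SAMPLE))
```

A table that still shows entries in both groups after the sysctl was set to 0 matches the explanation above: flows that predate the change keep their counters until they expire.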