On Tue, 17 Mar 2009, Patrick McHardy wrote:
Krzysztof Oledzki wrote:
On Tue, 17 Mar 2009, Patrick McHardy wrote:
Krzysztof Oledzki wrote:
I'd say it has been long enough, but Jan raised a valid point.
We can't use the Kconfig selection anymore once we remove that
option, so we need a replacement to automatically enable counters.
So loading connbytes should enable accounting automatically. Fine, it is
doable. But how do we want to handle it WRT NS? Should it be enabled in
all NameSpaces or...?
Just the ones it is actually used in I'd say (i.e. in the checkentry
function for the current namespace).
OK, but AFAIK modules are not namespace dependent, so why only in the one
actually used? This bugs me a little.
But using them is namespace dependent.
How?
Anyway, how about this:
sysctl net.netfilter.nf_conntrack_acct=0 -> disable accounting in this NS
sysctl net.netfilter.nf_conntrack_acct=1 -> enable accounting in this NS
sysctl net.netfilter.nf_conntrack_acct=-1 -> (default) use global value in this NS
Global value: by default 0 if connbytes is not loaded, 1 if it is.
The global value could be set with nf_conntrack.acct=0/1 (kernel), acct=0/1
(module) or sysctl (??? how are global, NS-independent sysctls named???).
Doubts:
- should we set the global value to 0 when unloading connbytes?
Best regards,
Krzysztof Olędzki