Krzysztof Oledzki wrote:
Why do anything global at all? Its not needed unless connbytes is used
(or something in userspace, which we can't detect), and that affects
only a single namespace.
To enable it before the first packet?
We can't do that since we don't know whether it will be used at all.
A namespace starting after a different one has already used it will
have it enabled from the beginning. The first one won't however
unless you enable it whenever the module is enabled, at which point
the sysctl becomes useless.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
