On Monday 2010-05-31 17:24, Patrick McHardy wrote: >Tobias Doerffel wrote: >> Removal of the CONFIG_NF_CT_ACCT was already scheduled for 2.6.29, >> therefore remove it now and set nf_conntrack.acct depending on >> CONFIG_NETFILTER_XT_MATCH_CONNBYTES. > >This has already been discussed multiple times. The connbytes >match needs accounting, so it needs to enable it when the first >rule containing a connbytes match is added. This needs to be >done in the namespace where the rule is added. If it is done as late as rule insertion, connbytes might match (or not - and thus be a problem) when there are still CTs around without a counter tuple. Hm. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
