Jan Engelhardt wrote: > On Monday 2010-05-31 17:24, Patrick McHardy wrote: >> Tobias Doerffel wrote: >>> Removal of the CONFIG_NF_CT_ACCT was already scheduled for 2.6.29, >>> therefore remove it now and set nf_conntrack.acct depending on >>> CONFIG_NETFILTER_XT_MATCH_CONNBYTES. >> This has already been discussed multiple times. The connbytes >> match needs accounting, so it needs to enable it when the first >> rule containing a connbytes match is added. This needs to be >> done in the namespace where the rule is added. > > If it is done as late as rule insertion, connbytes might match (or > not - and thus be a problem) when there are still CTs around without > a counter tuple. Hm. Yeah, we also discussed that part, but we can't do any better. The alternative for people is to manually enable it when loading conntrack. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
