Tim Gardner wrote:
On 06/22/2010 12:12 AM, Patrick McHardy wrote:
Tim Gardner wrote:
Hi,
I noticed some noise in my server log, so I thought it might be time to
finish this deprecation. One concern I have is about xt_connbytes. The
Kconfig for NETFILTER_XT_MATCH_CONNBYTES used to 'SELECT NF_CT_ACCT'
which forced nf_conntrack.acct=1. As long as the value of
NF_CT_ACCT_DEFAULT
remains 1, then xt_connbytes should be OK.
Yeah, but we need to take care of the other case anyways. As I've
repeatedly stated, connbytes needs to enable accounting when the
first rule using it is added.
I thought you might say that. Lemme see what I can come up with.
It should be quite easy, we have the namespace available in current
kernels in xt_mtchk_param->net, so basically all you need to do is
move the nf_ct_acct parameter to the per-namespace data and enable
it once a rule is added.
Let me know if you have any questions.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
