Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Mon, Jun 25, 2012 at 04:02:05PM +0200, Florian Westphal wrote:
> > partially reverts commit 54b07dca68557b0952585b5f4834cd0dd86eba35
> > (netfilter: provide config option to disable ancient procfs parts).
> >
> > Problem is that this also disabled net/stat/nf_conntrack, which
> > is useful for diagnosing certain conntrack-related issues; and there
> > are currently no other means to obtain these statistics from userspace.
> >
> > (conntrack-tools "conntrack -S" uses the proc interface, too...)
>
> I can pass the following patch to David. It implements the missing
> code in ctnetlink to dump the statistics. Thus, conntrack doesn't use
> any /proc interface anymore (the changes to conntrack still pending).

Thanks, that would be fine, too.

> If you're OK with it, I'll integrate this in a backward compatible way
> (first try to use netlink, if not available, use /proc).

Sounds good.

> Still, I think that passing this to current may be useful. Although
> you can work around this by enabling that option. What do you prefer?

Ignore my patch. In the meantime people can NF_CONNTRACK_PROCFS=y;
we just have to wait a bit (e.g. a year) before killing the nfct proc
code completely.