Re: [PATCH] netfilter: remove CONFIG_NF_CT_ACCT

[Krzysztof Oledzki]

On Tue, 27 Oct 2009, Jiri Kosina wrote:

> On Thu, 22 Oct 2009, Jiri Kosina wrote:
>
> > I can see several issues with CONFIG_NF_CT_ACCT and I think it should be
> > removed for the following reasons:
> >
> > 1) the netlink seems broken for the (CONFIG_NF_CT_ACCT unset &&
> >    net.netfilter.nf_conntrack_acct set) scenario. In such case,
> >    ctnetlink_nlmsg_size() seems to miscompute the size of the message, as
> >    the CTA_COUNTERS_* are not counted in at all. Seems quite serious on a
> >    first glance.

Indeed, but this code was introduced very much later:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=2732c4e45bb67006fdc9ae6669be866762711ab5

> > 2) It has been marked as deprecated for quite some time, and was supposed
> >    to be removed in 2.6.29, but is apparently still with us.

Because it was decided that it cannot be simply removed so my initial 
patch was rejected.

> > 3) Spits confusing warnings into dmesg.


Yep. :|

> > All this since commit 584015727a3b ("netfilter: accounting rework:
> > ct_extend + 64bit counters (v4)").
> >
> > Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
> > ---
> >  Documentation/feature-removal-schedule.txt |    9 ---------
> >  Documentation/kernel-parameters.txt        |    3 +--
> >  net/netfilter/Kconfig                      |   22 ----------------------
> >  net/netfilter/nf_conntrack_acct.c          |   10 ----------
> >  net/netfilter/nf_conntrack_netlink.c       |    2 --
> >  5 files changed, 1 insertions(+), 45 deletions(-)
>
> Has this one been lost? (aka "ping").

-ETOBUSY :|

Also, please read http://lkml.org/lkml/2009/10/15/158

It would be great if you are able to provide a patch that addresses the 
remark about connbytes.

If not, I hope I should be able to deal with this during the weekend, 
eventually. ;)

Best regards,

				Krzysztof Olędzki