netfilter: xt_connbytes: Force CT accounting to be enabled

Check at rule install time that CT accounting is enabled. Force it to be enabled if not while also emitting a warning since this is not the default state. This is in preparation for deprecating CONFIG_NF_CT_ACCT upon which CONFIG_NETFILTER_XT_MATCH_CONNBYTES depended being set. Added 2 CT accounting support functions: nf_ct_acct_enabled() - Get CT accounting state. nf_ct_set_acct() - Enable/disable CT accountuing. Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Acked-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Tim Gardner <tim.gardner@canonical.com> 2010-06-25 14:44:07 +0200
committer: Patrick McHardy <kaber@trash.net> 2010-06-25 14:44:07 +0200
commit: a8756201ba4189bca3ee1a6ec4e290f467ee09ab (patch)
tree: 309d40a10f68ffc971de4f16d26d16a0dccc0693 /net
parent: fe6fb552858f686f39e33d7b0a33fe56dacea0bf (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index 73517835303..5b138506690 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -112,6 +112,16 @@ static int connbytes_mt_check(const struct xt_mtchk_param *par)
 	if (ret < 0)
 		pr_info("cannot load conntrack support for proto=%u\n",
 			par->family);
+
+	/*
+	 * This filter cannot function correctly unless connection tracking
+	 * accounting is enabled, so complain in the hope that someone notices.
+	 */
+	if (!nf_ct_acct_enabled(par->net)) {
+		pr_warning("Forcing CT accounting to be enabled\n");
+		nf_ct_set_acct(par->net, true);
+	}
+
 	return ret;
 }
author	Tim Gardner <tim.gardner@canonical.com>	2010-06-25 14:44:07 +0200
committer	Patrick McHardy <kaber@trash.net>	2010-06-25 14:44:07 +0200
commit	a8756201ba4189bca3ee1a6ec4e290f467ee09ab (patch)
tree	309d40a10f68ffc971de4f16d26d16a0dccc0693 /net
parent	fe6fb552858f686f39e33d7b0a33fe56dacea0bf (diff)