]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
libxt_connbytes: document nf_ct_acct behavior
authorJan Engelhardt <jengelh@medozas.de>
Tue, 17 Mar 2009 15:37:47 +0000 (16:37 +0100)
committerJan Engelhardt <jengelh@medozas.de>
Tue, 17 Mar 2009 15:37:49 +0000 (16:37 +0100)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
extensions/libxt_connbytes.man

index b5608a354c5ce96795b71b8f99529ed13e97df58..e475cae70135835f75241eb712b26619838b2842 100644 (file)
@@ -9,6 +9,12 @@ scheduled using a lower priority band in traffic control.
 .PP
 The transferred bytes per connection can also be viewed through
 `conntrack -L` and accessed via ctnetlink.
+.PP
+NOTE that for connections which have no accounting information, the match will
+always return false. The "net.netfilter.nf_conntrack_acct" sysctl flag controls
+whether \fBnew\fP connections will be byte/packet counted. Existing connection
+flows will not be gaining/losing a/the accounting structure when be sysctl flag
+is flipped.
 .TP
 [\fB!\fP] \fB\-\-connbytes\fP \fIfrom\fP[\fB:\fP\fIto\fP]
 match packets from a connection whose packets/bytes/average packet