From: Jan Engelhardt <jengelh@medozas.de>
Date: Tue, 17 Mar 2009 15:37:47 +0000 (+0100)
Subject: libxt_connbytes: document nf_ct_acct behavior
X-Git-Tag: v1.4.3~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=71bc61f926ca2d8ec57d9fbd698c2af32c9a9f64;p=thirdparty%2Fiptables.git

libxt_connbytes: document nf_ct_acct behavior

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---

diff --git a/extensions/libxt_connbytes.man b/extensions/libxt_connbytes.man
index b5608a35..e475cae7 100644
--- a/extensions/libxt_connbytes.man
+++ b/extensions/libxt_connbytes.man
@@ -9,6 +9,12 @@ scheduled using a lower priority band in traffic control.
 .PP
 The transferred bytes per connection can also be viewed through
 `conntrack -L` and accessed via ctnetlink.
+.PP
+NOTE that for connections which have no accounting information, the match will
+always return false. The "net.netfilter.nf_conntrack_acct" sysctl flag controls
+whether \fBnew\fP connections will be byte/packet counted. Existing connection
+flows will not be gaining/losing a/the accounting structure when be sysctl flag
+is flipped.
 .TP
 [\fB!\fP] \fB\-\-connbytes\fP \fIfrom\fP[\fB:\fP\fIto\fP]
 match packets from a connection whose packets/bytes/average packet