2 files changed, 22 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_acct.h b/include/net/netfilter/nf_conntrack_acct.h
index 03e218f0be43..4e9c63a20db2 100644
--- a/include/net/netfilter/nf_conntrack_acct.h
+++ b/include/net/netfilter/nf_conntrack_acct.h
@@ -45,6 +45,18 @@ struct nf_conn_counter *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)
 extern unsigned int
 seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir);
+/* Check if connection tracking accounting is enabled */
+static inline bool nf_ct_acct_enabled(struct net *net)
+{
+        return net->ct.sysctl_acct != 0;
+}
+/* Enable/disable connection tracking accounting */
+static inline void nf_ct_set_acct(struct net *net, bool enable)
+{
+        net->ct.sysctl_acct = enable;
+}
 extern int nf_conntrack_acct_init(struct net *net);
 extern void nf_conntrack_acct_fini(struct net *net);
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index 73517835303d..5b138506690e 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -112,6 +112,16 @@ static int connbytes_mt_check(const struct xt_mtchk_param *par)
        if (ret < 0)
                pr_info("cannot load conntrack support for proto=%u\n",
                        par->family);
+        /*
+         * This filter cannot function correctly unless connection tracking
+         * accounting is enabled, so complain in the hope that someone notices.
+         */
+        if (!nf_ct_acct_enabled(par->net)) {
+                pr_warning("Forcing CT accounting to be enabled\n");
+                nf_ct_set_acct(par->net, true);
+        }
        return ret;
 }

diff --git a/include/net/netfilter/nf_conntrack_acct.h b/include/net/netfilter/nf_conntrack_acct.h index 03e218f0be43..4e9c63a20db2 100644 --- a/include/net/netfilter/nf_conntrack_acct.h +++ b/include/net/netfilter/nf_conntrack_acct.h
@@ -45,6 +45,18 @@ struct nf_conn_counter nf_ct_acct_ext_add(struct nf_conn ct, gfp_t gfp)
45	extern unsigned int	45	extern unsigned int
46	seq_print_acct(struct seq_file s, const struct nf_conn ct, int dir);	46	seq_print_acct(struct seq_file s, const struct nf_conn ct, int dir);
47		47
		48	/* Check if connection tracking accounting is enabled */
		49	static inline bool nf_ct_acct_enabled(struct net *net)
		50	{
		51	return net->ct.sysctl_acct != 0;
		52	}
		53
		54	/* Enable/disable connection tracking accounting */
		55	static inline void nf_ct_set_acct(struct net *net, bool enable)
		56	{
		57	net->ct.sysctl_acct = enable;
		58	}
		59
48	extern int nf_conntrack_acct_init(struct net *net);	60	extern int nf_conntrack_acct_init(struct net *net);
49	extern void nf_conntrack_acct_fini(struct net *net);	61	extern void nf_conntrack_acct_fini(struct net *net);
50		62


diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 73517835303d..5b138506690e 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c
@@ -112,6 +112,16 @@ static int connbytes_mt_check(const struct xt_mtchk_param *par)
112	if (ret < 0)	112	if (ret < 0)
113	pr_info("cannot load conntrack support for proto=%u\n",	113	pr_info("cannot load conntrack support for proto=%u\n",
114	par->family);	114	par->family);
		115
		116	/*
		117	* This filter cannot function correctly unless connection tracking
		118	* accounting is enabled, so complain in the hope that someone notices.
		119	*/
		120	if (!nf_ct_acct_enabled(par->net)) {
		121	pr_warning("Forcing CT accounting to be enabled\n");
		122	nf_ct_set_acct(par->net, true);
		123	}
		124
115	return ret;	125	return ret;
116	}	126	}
117		127