[arch-general] conntrack does not display bytes and packets
Hi, Since I updated my kernel to 2.6.36 and 2.6.37, /proc/net/nf_conntrack and conntrack -L do NOT show "packets" and "bytes" even for ASSURED / REPLIED connections. It seems that both of these data (bytes and packets) have disappeared from conntrack/netfilter. Am I missing something? Is there an option somewhere to restore earlier behavior (previous kernels/netfilter would always display both bytes and packets)? Example when opening google: ipv4 2 tcp 6 431999 ESTABLISHED src=10.215.144.48 dst=209.85.147.104 sport=52531 dport=80 src=209.85.147.104 dst=10.215.144.48 sport=80 dport=52531 [ASSURED] mark=0 secmark=0 use=2 ipv4 2 tcp 6 431999 ESTABLISHED src=10.215.144.48 dst=209.85.147.104 sport=52533 dport=80 src=209.85.147.104 dst=10.215.144.48 sport=80 dport=52533 [ASSURED] mark=0 secmark=0 use=2 ipv4 2 tcp 6 431999 ESTABLISHED src=10.215.144.48 dst=209.85.147.104 sport=52530 dport=80 src=209.85.147.104 dst=10.215.144.48 sport=80 dport=52530 [ASSURED] mark=0 secmark=0 use=2 ipv4 2 tcp 6 431998 ESTABLISHED src=10.215.144.48 dst=209.85.147.104 sport=52532 dport=80 src=209.85.147.104 dst=10.215.144.48 sport=80 dport=52532 [ASSURED] mark=0 secmark=0 use=2 Previous kernel/netfilter would show something like this: tcp 6 73 TIME_WAIT src=10.215.144.7 dst=209.85.147.104 sport=35407 dport=80 packets=15 bytes=1386 src=209.85.147.104 dst=192.168.92.2 sport=80 dport=35407 packets=11 bytes=10180 [ASSURED] mark=1 use=1 (note "bytes" and "packets") Thanks, Vieri
--- On Wed, 5/11/11, Vieri <rentorbuy@yahoo.com> wrote:
Since I updated my kernel to 2.6.36 and 2.6.37, /proc/net/nf_conntrack and conntrack -L do NOT show "packets" and "bytes" even for ASSURED / REPLIED connections.
Apparently, newer kernel versions require the user to set: sysctl -w net.netfilter.nf_conntrack_acct=1
participants (1)
-
Vieri