Bug 710158
| Summary: | CONFIG_NF_CT_ACCT is deprecated in kernel-rt-2.6.33.9-rt31.66.el6rt | ||
|---|---|---|---|
| Product: | Red Hat Enterprise MRG | Reporter: | David Sommerseth <davids> |
| Component: | realtime-kernel | Assignee: | Luis Claudio R. Goncalves <lgoncalv> |
| Status: | CLOSED ERRATA | QA Contact: | David Sommerseth <davids> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2.0 | CC: | bhu, jkodak, lgoncalv, ovasik, williams |
| Target Milestone: | 2.0.8 | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause: CONFIG_NF_CT_ACCT was required by older versions of the userspace iptables tool. It is no longer necessary.
Consequence: A warning is displayed during boot time informing that this option is deprecated and scheduled to be removed.
Fix: Decouple CONFIG_NF_CT_ACCT from other Netfilter options and disable it in the configuration files.
Result: No warnings about "CONFIG_NF_CT_ACCT" during boot time.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-09-12 19:46:28 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
David Sommerseth
2011-06-02 14:44:42 UTC
removed CONFIG_NF_CT_ACCT from the config files in kernel-rt-2.6.33.9-rt31
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: CONFIG_NF_CT_ACCT was required by older versions of the userspace iptables tool. It is no longer necessary.
Consequence: A warning is displayed during boot time informing that this option is deprecated and scheduled to be removed.
Fix: Disable CONFIG_NF_CT_ACCT in the configurations files.
Result: No warnings about "CONFIG_NF_CT_ACCT" during boot time.
Fail :/ [root@mrg39 ~]# uname -r 2.6.33.9-rt31.73.el6rt.x86_64 [root@mrg39 ~]# dmesg | grep CONFIG_NF_CT_ACCT CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use [root@mrg39 ~]# grep CONFIG_NF_CT_ACCT /boot/config-2.6.3* /boot/config-2.6.33.9-rt31.73.el6rt.x86_64:CONFIG_NF_CT_ACCT=y [root@mrg39 ~]# -> ASSIGNED $ grep NETFILTER_XT_MATCH_CONNBYTES config-*
config-generic:CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
config-vanilla-x86_64:CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
And in net/netfilter/Kconfig:
config NETFILTER_XT_MATCH_CONNBYTES
tristate '"connbytes" per-connection counter match support'
...
select NF_CT_ACCT
So, NETFILTER_XT_MATCH_CONNBYTES forces CONFIG_NF_CT_ACCT.
As a reference check against the stock RHEL6.1 kernel: [root@mrg39 ~]# uname -r 2.6.32-131.0.15.el6.x86_64 [root@mrg39 ~]# dmesg | grep CONFIG_NF_CT_ACCT [root@mrg39 ~]# No warning found. Looks like the RHEL6 tree removed the definition of NF_CT_ACCT and the automatic select of it by NETFILTER_XT_MATCH_CONNBYTES from net/netfilter/Kconfig. We should do the same. Look at:
commit 6da46e3ce050530d9fc5f773a76baeb4eb657b47
Author: Jiri Pirko <jpirko>
Date: Thu Jul 1 12:12:27 2010 -0400
[net] netfilter: remove config option NF_CT_ACCT completely
From the RHEL6 git tree.
I have backported commit 6da46e3ce050530d9fc5f773a76baeb4eb657b47 from RHEL6, according to Clark's suggestion, and queued the resulting commit to the next Errata:
94d20f9 [net] netfilter: remove config option NF_CT_ACCT completely
Technical note updated. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Diffed Contents:
@@ -1,4 +1,4 @@
Cause: CONFIG_NF_CT_ACCT was required by older versions of the userspace iptables tool. It is no longer necessary.
Consequence: A warning is displayed during boot time informing that this option is deprecated and scheduled to be removed.
-Fix: Disable CONFIG_NF_CT_ACCT in the configurations files.
+Fix: Decouple CONFIG_NF_CT_ACCT from other Netfilter options and disable it in the configuration files.
Result: No warnings about "CONFIG_NF_CT_ACCT" during boot time.
Verified by checking dmesg and config files: ** 2.6.33.9-rt31.66: [root@dell-pe860-01 ~]# uname -r 2.6.33.9-rt31.66.el6rt.x86_64 [root@dell-pe860-01 ~]# dmesg | grep CONFIG_NF_CT_ACCT CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use [root@dell-pe860-01 ~]# grep CONFIG_NF_CT_ACCT /boot/config-2.6.33.9-rt31.66.el6rt.x86_64 CONFIG_NF_CT_ACCT=y ** 2.6.33.9-rt31.75: [root@dell-per610-01 ~]# uname -r 2.6.33.9-rt31.75.el6rt.x86_64 [root@dell-per610-01 ~]# dmesg | grep CONFIG_NF_CT_ACCT [root@dell-per610-01 ~]# grep CONFIG_NF_CT_ACCT /boot/config-2.6.33.9-rt31.75.el6rt.x86_64 -> VERIFIED An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-1253.html |