Bug 713523

Summary: Netfilter connection track accounting of packets and bytes is no longer enabled by default
Product: [Fedora] Fedora Reporter: kingbeauregard
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-06 11:29:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description kingbeauregard 2011-06-15 16:39:05 UTC 
Description of problem:

In Fedora 14 and earlier, /proc/net/nf_conntrack included fields for number of bytes and number of packets.  In Fedora 15, it does not.


Version-Release number of selected component (if applicable):


How reproducible:

Very


Steps to Reproduce:

Look at /proc/net/nf_conntrack in F14 and F15.

  
Actual results:

Example of a nf_conntrack row under F15:
ipv4     2 tcp      6 294968 ESTABLISHED src=192.168.4.220 dst=184.8.157.84 sport=6005 dport=41604 src=184.8.157.84 dst=75.10.132.226 sport=41604 dport=6005 ...

Expected results:

Comparable example of a row under F14; note the inclusion of "packets" and "bytes" fields:
ipv4     2 tcp      6 294968 ESTABLISHED src=192.168.4.220 dst=184.8.157.84 sport=6005 dport=41604 packets=12345 bytes=23456 src=184.8.157.84 dst=75.10.132.226 sport=41604 dport=6005 packets=12345 bytes=23456 ...

Additional info:

The boxes I am testing on were on F14 until I upgraded to F15.
Comment 1 Christian Iseli 2011-06-15 19:56:34 UTC 
Hi,

I do not think this is a bug in nfswatch.  Are you positive you selected the right component ?
Comment 2 kingbeauregard 2011-06-15 20:02:15 UTC 
I have no idea what the right component is.  The bug submission form instructed me that, if I don't know the answer, I should guess.  If you have a recommendation, I will update this bug report.
Comment 3 Christian Iseli 2011-06-15 23:13:38 UTC 
/proc is stuff from the kernel, so my guess would be to put "kernel" as the component.
Comment 4 kingbeauregard 2011-06-17 16:24:52 UTC 
I've switched it to "kernel".
Comment 5 Chuck Ebbert 2011-06-24 18:48:46 UTC 
Connection tracking accounting is no longer enabled by default. Use the nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
Comment 6 kingbeauregard 2011-06-24 19:47:10 UTC 
That took care of it; thanks!