From 71bc61f926ca2d8ec57d9fbd698c2af32c9a9f64 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Tue, 17 Mar 2009 16:37:47 +0100
Subject: libxt_connbytes: document nf_ct_acct behavior

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_connbytes.man | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'extensions')

diff --git a/extensions/libxt_connbytes.man b/extensions/libxt_connbytes.man
index b5608a35..e475cae7 100644
--- a/extensions/libxt_connbytes.man
+++ b/extensions/libxt_connbytes.man
@@ -9,6 +9,12 @@ scheduled using a lower priority band in traffic control.
 .PP
 The transferred bytes per connection can also be viewed through
 `conntrack -L` and accessed via ctnetlink.
+.PP
+NOTE that for connections which have no accounting information, the match will
+always return false. The "net.netfilter.nf_conntrack_acct" sysctl flag controls
+whether \fBnew\fP connections will be byte/packet counted. Existing connection
+flows will not be gaining/losing a/the accounting structure when be sysctl flag
+is flipped.
 .TP
 [\fB!\fP] \fB\-\-connbytes\fP \fIfrom\fP[\fB:\fP\fIto\fP]
 match packets from a connection whose packets/bytes/average packet
-- 
cgit v1.2.3