Only print out a warning if nfacct support is missing. Detailed stats
are gone, but other uses of Session support can proceed.
---
src/session.c | 33 +++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/src/session.c b/src/session.c
index 3fca6d6..47f137a 100644
--- a/src/session.c
+++ b/src/session.c
@@ -271,6 +271,25 @@ static void cleanup_firewall(void)
__connman_firewall_destroy(global_firewall);
}
+static int enable_nfacct(struct firewall_context *fw, uint32_t mark)
+{
+ int err;
+
+ err = __connman_firewall_add_rule(fw, "filter", "INPUT",
+ "-m mark --mark %d -m nfacct "
+ "--nfacct-name session-input-%d",
+ mark, mark);
+ if (err < 0)
+ return err;
+
+ err = __connman_firewall_add_rule(fw, "filter", "OUTPUT",
+ "-m mark --mark %d -m nfacct "
+ "--nfacct-name session-output-%d",
+ mark, mark);
+
+ return err;
+}
+
static int init_firewall_session(struct connman_session *session)
{
struct firewall_context *fw;
@@ -308,19 +327,9 @@ static int init_firewall_session(struct connman_session
*session)
session->id_type = session->policy_config->id_type;
- err = __connman_firewall_add_rule(fw, "filter", "INPUT",
- "-m mark --mark %d -m nfacct --nfacct-name session-input-%d",
- session->mark,
- session->mark);
+ err = enable_nfacct(fw, session->mark);
if (err < 0)
- goto err;
-
- err = __connman_firewall_add_rule(fw, "filter", "OUTPUT",
- "-m mark --mark %d -m nfacct --nfacct-name session-output-%d",
- session->mark,
- session->mark);
- if (err < 0)
- goto err;
+ connman_warn_once("Support for nfacct missing");
err = __connman_firewall_enable(fw);
if (err)
--
1.7.10.4
_______________________________________________
connman mailing list
[email protected]
https://lists.connman.net/mailman/listinfo/connman
