Add support to zero counters conntrack at getting. Currently we can zero all the conntracks via zero and dump, but it could be useful more fine grain zeroing. Signed-by-off: Pablo Neira Ayuso Index: net-2.6.git/net/ipv4/netfilter/ip_conntrack_netlink.c =================================================================== --- net-2.6.git.orig/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-11-04 18:11:06.000000000 +0100 +++ net-2.6.git/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-11-04 18:30:59.000000000 +0100 @@ -788,6 +788,12 @@ ctnetlink_get_conntrack(struct sock *ctn err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, IPCTNL_MSG_CT_NEW, 1, ct); + +#ifdef CONFIG_IP_NF_CT_ACCT + if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_GET_CTRZERO) + memset(&ct->counters, 0, sizeof(ct->counters)); +#endif + ip_conntrack_put(ct); if (err <= 0) goto free;