On 23.07.2010 08:28, Eric Dumazet wrote:
> On Friday 23 July 2010 at 08:20 +0200, Jan Engelhardt wrote:
>> On Friday 2010-07-23 06:54, Changli Gao wrote:
>>
>>> This patch should be applied after my other patch:
>>> http://patchwork.ozlabs.org/patch/59729/
>>>
>>> xt_quota: don't copy quota back to userspace
>>>
>>> Nowadays, table entries are per-cpu variables, so it doesn't make any
>>> sense to copy quota back to one of the variable instances. To keep
>>> things simple, this patch undoes the copy.
>>
>> I object. This line is on purpose, to give at least a chance of
>> reporting back a more-or-less believable value. Without copying
>> the value back, users have moaned about the counter not decreasing
>> _at all_.
>
> Maybe, but the current situation is buggy.

Indeed, besides not being able to properly "iptables-save" a rule, it's not
possible to delete a specific quota rule, since they can't be distinguished
based on the specified quota value:

# iptables -A INPUT -m quota --quota 1000
# iptables -A INPUT -m quota --quota 2000
# iptables -D INPUT -m quota --quota 2000
# iptables -vxnL INPUT
Chain INPUT (policy ACCEPT 2 packets, 96 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       6        356            all  --  *      *       0.0.0.0/0            0.0.0.0/0            quota: 1644 bytes