On Mon, Jan 27, 2014 at 08:35:38AM -0700, Mathieu Poirier wrote:
> On 26 January 2014 16:02, Florian Westphal <fw@xxxxxxxxx> wrote:
> > mathieu.poirier@xxxxxxxxxx <mathieu.poirier@xxxxxxxxxx> wrote:
> >
> > [ removed netfilter@ from CC ]
> >
> >> Adding packet and byte quota support. Once a quota has been
> >> reached a noticifaction is sent to user space that includes
> >> the name of the accounting object along with the current byte
> >> and packet count.
> >>
> >> Signed-off-by: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
> >> diff --git a/include/uapi/linux/netfilter/xt_nfacct.h b/include/uapi/linux/netfilter/xt_nfacct.h
> >> index 3e19c8a..d38104f 100644
> >> --- a/include/uapi/linux/netfilter/xt_nfacct.h
> >> +++ b/include/uapi/linux/netfilter/xt_nfacct.h
> >> @@ -3,11 +3,25 @@
> >>
> >> +struct xt_nfacct_match_info_v1 {
> >> + char name[NFACCT_NAME_MAX];
> >> + struct nf_acct *nfacct;
> >> +
> >> + __u32 flags;
> >> + __aligned_u64 quota;
> >> + struct nf_acct_quota *priv;
> >> +};
> >
> > I think that pointers should be aligned to 8-byte boundary, else
> > this can cause issues with 32-bit-userspace-on-64-bit-kernel.
>
> Something like "struct nf_acct_quota *priv __attribute__((aligned(8)));" ?
If you follow this approach yes. I told you already:
http://permalink.gmane.org/gmane.comp.security.firewalls.netfilter.devel/50191
but for whatever reason this was ignored, so please make an effort to
address all comments.
Thank you.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
