On Sun, Apr 20, 2014 at 06:58:16PM -0600, mathieu.poirier@xxxxxxxxxx wrote:
> From: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
>
> The accounting framework now supports quota at the packet and byte
> level. The tool is simply enhanced with two optional arguments to
> specify whether accounting for byte or packet and the limit
> associated with each. Also adding a monitor mode that listens for
> quota attainment notification.
>
> Examples:
>
> /* create an accounting object that isn't associated to a quota */
> $ nfacct add first_no_quota
>
> /* create a quota object with byte count limited to 50 byte */
> $ nfacct add second_quota byte 50
>
> /* create a quota object with packet count limited to 5 */
> $ nfacct add third_quota packet 5
>
> From there the accounting objects can be used in iptables the same
> way as they did before:
>
> /* limit the number of icmp packets allowed through the OUTPUT chain */
> $ iptables -I OUTPUT -p icmp -m nfacct --nfacct-name third_quota --jump REJECT
>
> /* listening for quota attainment notification */
> $ nfacct listen

I'm going to rename this to 'monitor' instead.

> @@ -526,28 +569,93 @@ static int nfacct_cmd_help(int argc, char *argv[]) > > static int nfacct_cmd_restore(int argc, char *argv[]) > { > - uint64_t pkts, bytes; > - char name[512]; > - char buffer[512]; > - int ret; > + uint64_t pkts, bytes, quota; > + char name[512], mode[512], buffer[512]; > + int ret, flags; > > while (fgets(buffer, sizeof(buffer), stdin)) { > char *semicolon = strchr(buffer, ';'); > + > if (semicolon == NULL) { > nfacct_perror("invalid line"); > return -1; > } > + > + /* a single ';' terminates the input */ > + if (strncmp(buffer, ";", 1) == 0) > + break;

This chunk seems new, why is it needed there?
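
Review bot: the terminator test `if (strncmp(buffer, ";", 1) == 0)` in nfacct_cmd_restore() compares only the first byte of the line, so any input line that begins with ';' ends the restore loop, not just the "single ';'" the comment describes. Because the branch is a bare `break` with no nfacct_perror() call, every record after such a line is dropped silently and the command still looks like it succeeded, which matters for a tool whose restored objects back iptables quota rules. If a terminator is really wanted, compare the whole line (for example `strcmp(buffer, ";\n") == 0`) and report anything else that starts with ';' as an invalid line. The commit message covers the quota arguments and the listen mode but says nothing about this change to the restore input format, so it should be either documented there or split into its own patch.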