On Thu, Jul 31, 2014 at 05:14:05PM +0400, Alexey Perevalov wrote: > Bit helper functions were used for manipulation with NFACCT_F_OVERQUOTA, > but they are accepting pit position, but not a bit mask. As a result > not a third bit for NFACCT_F_OVERQUOTA was set, but forth. Such > behaviour was dangarous and could lead to unexpected overquota report > result. Applied, thanks. I have made a minor change. > Signed-off-by: Alexey Perevalov <a.perevalov@xxxxxxxxxxx> > --- > include/uapi/linux/netfilter/nfnetlink_acct.h | 5 ++++- > net/netfilter/nfnetlink_acct.c | 7 ++++--- > 2 files changed, 8 insertions(+), 4 deletions(-) > > diff --git a/include/uapi/linux/netfilter/nfnetlink_acct.h b/include/uapi/linux/netfilter/nfnetlink_acct.h > index 51404ec..81410b7 100644 > --- a/include/uapi/linux/netfilter/nfnetlink_acct.h > +++ b/include/uapi/linux/netfilter/nfnetlink_acct.h > @@ -14,10 +14,13 @@ enum nfnl_acct_msg_types { > NFNL_MSG_ACCT_MAX > }; > > +#define NFACCT_OVERQUOTA_BIT 2 > + > enum nfnl_acct_flags { > NFACCT_F_QUOTA_PKTS = (1 << 0), > NFACCT_F_QUOTA_BYTES = (1 << 1), > - NFACCT_F_OVERQUOTA = (1 << 2), /* can't be set from userspace */ > + NFACCT_F_OVERQUOTA = (1 << NFACCT_OVERQUOTA_BIT), /* can't be > + set from userspace */ > }; I know I asked for NFACCT_OVERQUOTA_BIT to be included here, bit after seeing the patch it's obvious it doesn't make sense to expose this to userspace, so I have mangled the patch to define this in nfnetlink_acct. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html