On Thu, Jul 31, 2014 at 05:14:05PM +0400, Alexey Perevalov wrote:
> Bit helper functions were used for manipulation with NFACCT_F_OVERQUOTA,
> but they are accepting pit position, but not a bit mask. As a result
> not a third bit for NFACCT_F_OVERQUOTA was set, but forth. Such
> behaviour was dangarous and could lead to unexpected overquota report
> result.
Applied, thanks.
I have made a minor change.
> Signed-off-by: Alexey Perevalov <a.perevalov@xxxxxxxxxxx>
> ---
> include/uapi/linux/netfilter/nfnetlink_acct.h | 5 ++++-
> net/netfilter/nfnetlink_acct.c | 7 ++++---
> 2 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/include/uapi/linux/netfilter/nfnetlink_acct.h b/include/uapi/linux/netfilter/nfnetlink_acct.h
> index 51404ec..81410b7 100644
> --- a/include/uapi/linux/netfilter/nfnetlink_acct.h
> +++ b/include/uapi/linux/netfilter/nfnetlink_acct.h
> @@ -14,10 +14,13 @@ enum nfnl_acct_msg_types {
> NFNL_MSG_ACCT_MAX
> };
>
> +#define NFACCT_OVERQUOTA_BIT 2
> +
> enum nfnl_acct_flags {
> NFACCT_F_QUOTA_PKTS = (1 << 0),
> NFACCT_F_QUOTA_BYTES = (1 << 1),
> - NFACCT_F_OVERQUOTA = (1 << 2), /* can't be set from userspace */
> + NFACCT_F_OVERQUOTA = (1 << NFACCT_OVERQUOTA_BIT), /* can't be
> + set from userspace */
> };
I know I asked for NFACCT_OVERQUOTA_BIT to be included here, bit after
seeing the patch it's obvious it doesn't make sense to expose this to
userspace, so I have mangled the patch to define this in
nfnetlink_acct.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
