Hi Alexey, I need some minor comestic changes, please address them and resubmit. See below. On Wed, Aug 06, 2014 at 02:53:04PM +0400, Alexey Perevalov wrote: > Filter feature is working through NFACCT_FILTER netlink attribute. > If kernel doesn't support it, client will not get an error > and silently will work as before. Could you add some example usage to the description? Users google for this, it will be helpful to them. > Signed-off-by: Alexey Perevalov <a.perevalov@xxxxxxxxxxx> > --- > include/linux/netfilter/nfnetlink_acct.h | 8 ++++ > src/nfacct.c | 62 ++++++++++++++++++++++++++++++ > 2 files changed, 70 insertions(+) > > diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h > index 44dcd17..7542c70 100644 > --- a/include/linux/netfilter/nfnetlink_acct.h > +++ b/include/linux/netfilter/nfnetlink_acct.h > @@ -28,10 +28,18 @@ enum nfnl_acct_type { > NFACCT_USE, > NFACCT_FLAGS, > NFACCT_QUOTA, > + NFACCT_FILTER, > __NFACCT_MAX > }; > #define NFACCT_MAX (__NFACCT_MAX - 1) > > +enum nfnl_attr_filter_type { > + NFACCT_FILTER_ATTR_UNSPEC, > + NFACCT_FILTER_ATTR_MASK, > + NFACCT_FILTER_ATTR_VALUE, > + __NFACCT_FILTER_ATTR_MAX > +}; > + > #ifdef __KERNEL__ > > struct nf_acct; > diff --git a/src/nfacct.c b/src/nfacct.c > index 091a5c9..860436d 100644 > --- a/src/nfacct.c > +++ b/src/nfacct.c > @@ -166,6 +166,49 @@ err: > return MNL_CB_OK; > } > > +enum filter_selection { > + NFACCT_FILTER_UNSPEC, > + NFACCT_FILTER_COUNTERS, > + NFACCT_FILTER_QUOTA_BYTES, > + NFACCT_FILTER_QUOTA_PACKETS, > + NFACCT_FILTER_OVERQUOTA, > +}; > + > +#define NFACCT_F_QUOTAS (NFACCT_F_QUOTA_BYTES | NFACCT_F_QUOTA_PKTS) > + > +static void nlmsg_build_filter_payload(enum filter_selection *selection, > + struct nlmsghdr *nlh) > +{ > + struct nlattr *nest; > + uint32_t mask = 0, value = 0; > + > + if (!selection || *selection == NFACCT_FILTER_UNSPEC) > + return; You can use selection == NFACCT_FILTER_UNSPEC instead of !selection, so you can skip the use of the pointer. > + > + nest = mnl_attr_nest_start(nlh, NFACCT_FILTER); > + if (nest == NULL) > + return; > + > + if (*selection == NFACCT_FILTER_QUOTA_BYTES) { > + mask = NFACCT_F_QUOTA_BYTES; > + value = NFACCT_F_QUOTA_BYTES; > + } else if (*selection == NFACCT_FILTER_QUOTA_PACKETS) { > + mask = NFACCT_F_QUOTA_PKTS; > + value = NFACCT_F_QUOTA_PKTS; > + } else if (*selection == NFACCT_FILTER_COUNTERS) { > + mask = NFACCT_F_QUOTAS; > + value = 0; /* counters isn't quotas */ > + } else if (*selection == NFACCT_FILTER_OVERQUOTA) { > + mask = NFACCT_F_OVERQUOTA; > + value = NFACCT_F_OVERQUOTA; > + } > + > + mnl_attr_put_u32(nlh, NFACCT_FILTER_ATTR_MASK, mask); > + mnl_attr_put_u32(nlh, NFACCT_FILTER_ATTR_VALUE, value); > + > + mnl_attr_nest_end(nlh, nest); > +} > + > static int nfacct_cmd_list(int argc, char *argv[]) > { > bool zeroctr = false, xml = false; > @@ -174,12 +217,30 @@ static int nfacct_cmd_list(int argc, char *argv[]) > struct nlmsghdr *nlh; > unsigned int seq, portid; > int ret, i; > + enum filter_selection selection = NFACCT_FILTER_UNSPEC; > + struct nfacct *nfacct = nfacct_alloc(); > + > + if (nfacct == NULL) { > + nfacct_perror("OOM"); > + return -1; > + } > > for (i=2; i<argc; i++) { > if (strncmp(argv[i], "reset", strlen(argv[i])) == 0) { > zeroctr = true; > } else if (strncmp(argv[i], "xml", strlen(argv[i])) == 0) { > xml = true; > + } else if (strncmp(argv[i], "counters", strlen(argv[i])) == 0) { > + selection = NFACCT_FILTER_COUNTERS; > + } else if (strncmp(argv[i], "byte_quotas", strlen(argv[i])) quota-byte instead of byte_quotas. > + == 0) { > + selection = NFACCT_FILTER_QUOTA_BYTES; > + } else if (strncmp(argv[i], "packet_quotas", strlen(argv[i])) quota-packet instead. > + == 0) { > + selection = NFACCT_FILTER_QUOTA_PACKETS; > + } else if (strncmp(argv[i], "overquota", strlen(argv[i])) > + == 0) { > + selection = NFACCT_FILTER_OVERQUOTA; > } else { > nfacct_perror("unknown argument"); > return -1; > @@ -192,6 +253,7 @@ static int nfacct_cmd_list(int argc, char *argv[]) > NFNL_MSG_ACCT_GET, > NLM_F_DUMP, seq); > > + nlmsg_build_filter_payload(&selection, nlh); > nl = mnl_socket_open(NETLINK_NETFILTER); > if (nl == NULL) { > nfacct_perror("mnl_socket_open"); > -- > 1.7.9.5 > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html