Hi,
I tried to play a little bit with the quota features of the extended
accounting infrastructure.
However, it seemed that the quotas were not registered when creating the
accounting objects.
Example :
# nfacct add testquota packet 5
# iptables -I OUTPUT -p icmp -m nfacct --nfacct-name testquota
# nfacct get testquota
{ pkts = 00000000000000000000, bytes = 00000000000000000000 } = testquota;
When I ping the machine, I see the counters go above 5 packets, however
I get no output when running :
# nfacct monitor
After a little bit of investigation in the code of nfacct, I checked
that the NFACCT_ATTR_FLAGS and NFACCT_ATTR_QUOTA attributes were set. (i
managed to call _nfacct_cmd_add with flags=NFACCT_F_QUOTA_PKTS).
However, the kernel code in netfilter/net/nfnetlink_acct.c somehow did
not "get" the flags : the execution didn't enter in the "if
(tb[NFACCT_FLAGS]) { ... }" in nfnl_acct_new(). (checked that using printk).
Any idea how this could happen ?
Thanks :)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
