On Tue, Oct 09, 2018 at 04:47:20PM -0700, Maciej Żenczykowski wrote:
> Ah, yes, the (2**64 - 1) + 1 problem.
>
> The fact max allowed remaining is (2**64 - 2) is perhaps surprising...
> should we clamp? or warn?
>
> userspace has:
> if (cb->entry->id == O_REMAIN) info->remain++;
> should this error out in userspace if we end up at zero?
>
> +-m quota --quota 18446744073709551615 --remain 18446744073709551614;;FAIL
>
> this one really should also pass...
:-)
> kernel has:
> if (atomic64_read(&q->counter) > q->quota + 1)
> this should probably be:
> if (atomic64_read(&q->counter) && atomic64_read(&q->counter) - 1 > q->quota)
>
> Also I think there's something ugly with
> -m quota --quota 18446744073709551614
> vs
> -m quota --quota 18446744073709551615
>
> and thus possibly:
> if (current_count <= skb->len) {
> should actually be
> if (current_count && current_count <= skb->len) {
>
> Maybe all of this would actually be easier if we were counting bytes
> used instead of bytes remaining.
I think so. This is still net-next, so noone is using it yet apart
from developers? Probably we can still change this to become
--consumed rather than --remain. I would take patches for nf-next if
you follow that path, no problem.
Thanks.
