On Sun, Apr 20, 2014 at 06:58:16PM -0600, mathieu.poirier@xxxxxxxxxx wrote:
> From: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
>
> The accounting framework now supports quota at the packet and byte
> level. The tool is simply enhanced with two optional arguments to
> specify the whether accounting for byte of packet and the limit
> associated with each. Also adding a monitor mode that listens for
> quota attainment notification.
>
> Examples:
>
> /* create an accounting object that isn't associated to a quota */
> $ nfacct add first_no_quota
>
> /* create a quota object with byte count limited to 50 byte */
> $ nfacct add second_quota byte 50
>
> /* create a quota object with packet count limited to 5 */
> $ nfacct add third_quota packet 5
>
> From there the accounting objects can be used in iptables the same
> way as they did before:
>
> /* limit the number of icmp packets allowed through the OUTPUT chain */
> $ iptables -I OUTPUT -p icmp -m nfacct --nfacct-name third_quota --jump REJECT
>
> /* listening for quota attainment notification */
> $ nfacct listen
I'm going to rename this to 'monitor' instead.
> @@ -526,28 +569,93 @@ static int nfacct_cmd_help(int argc, char *argv[])
>
> static int nfacct_cmd_restore(int argc, char *argv[])
> {
> - uint64_t pkts, bytes;
> - char name[512];
> - char buffer[512];
> - int ret;
> + uint64_t pkts, bytes, quota;
> + char name[512], mode[512], buffer[512];
> + int ret, flags;
>
> while (fgets(buffer, sizeof(buffer), stdin)) {
> char *semicolon = strchr(buffer, ';');
> +
> if (semicolon == NULL) {
> nfacct_perror("invalid line");
> return -1;
> }
> +
> + /* a single ';' terminates the input */
> + if (strncmp(buffer, ";", 1) == 0)
> + break;
This chunk seems new, why is it needed there?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
