From: Pablo Neira Ayuso <pablo@netfilter.org>
To: mathieu.poirier@linaro.org
Cc: netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org,
john.stultz@linaro.org
Subject: Re: [RESEND PATCH 2/2] nfacct: adding quota capabilities
Date: Mon, 28 Apr 2014 10:56:25 +0200 [thread overview]
Message-ID: <20140428085625.GA18836@localhost> (raw)
In-Reply-To: <1398041896-8479-2-git-send-email-mathieu.poirier@linaro.org>
On Sun, Apr 20, 2014 at 06:58:16PM -0600, mathieu.poirier@linaro.org wrote:
> From: Mathieu Poirier <mathieu.poirier@linaro.org>
>
> The accounting framework now supports quota at the packet and byte
> level. The tool is simply enhanced with two optional arguments to
> specify the whether accounting for byte of packet and the limit
> associated with each. Also adding a monitor mode that listens for
> quota attainment notification.
>
> Examples:
>
> /* create an accounting object that isn't associated to a quota */
> $ nfacct add first_no_quota
>
> /* create a quota object with byte count limited to 50 byte */
> $ nfacct add second_quota byte 50
>
> /* create a quota object with packet count limited to 5 */
> $ nfacct add third_quota packet 5
>
> From there the accounting objects can be used in iptables the same
> way as they did before:
>
> /* limit the number of icmp packets allowed through the OUTPUT chain */
> $ iptables -I OUTPUT -p icmp -m nfacct --nfacct-name third_quota --jump REJECT
>
> /* listening for quota attainment notification */
> $ nfacct listen
I'm going to rename this to 'monitor' instead.
> @@ -526,28 +569,93 @@ static int nfacct_cmd_help(int argc, char *argv[])
>
> static int nfacct_cmd_restore(int argc, char *argv[])
> {
> - uint64_t pkts, bytes;
> - char name[512];
> - char buffer[512];
> - int ret;
> + uint64_t pkts, bytes, quota;
> + char name[512], mode[512], buffer[512];
> + int ret, flags;
>
> while (fgets(buffer, sizeof(buffer), stdin)) {
> char *semicolon = strchr(buffer, ';');
> +
> if (semicolon == NULL) {
> nfacct_perror("invalid line");
> return -1;
> }
> +
> + /* a single ';' terminates the input */
> + if (strncmp(buffer, ";", 1) == 0)
> + break;
This chunk seems new, why is it needed there?
next prev parent reply other threads:[~2014-04-28 8:56 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-21 0:58 [RESEND PATCH 1/2] Extend accounting capabilities to support quotas mathieu.poirier
2014-04-21 0:58 ` [RESEND PATCH 2/2] nfacct: adding quota capabilities mathieu.poirier
2014-04-21 0:58 ` mathieu.poirier
2014-04-28 8:56 ` Pablo Neira Ayuso [this message]
2014-04-28 10:20 ` Pablo Neira Ayuso
2014-04-29 14:03 ` Mathieu Poirier
2014-04-30 20:30 ` Mathieu Poirier
2014-05-04 12:30 ` Pablo Neira Ayuso
2014-04-28 10:18 ` [RESEND PATCH 1/2] Extend accounting capabilities to support quotas Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140428085625.GA18836@localhost \
--to=pablo@netfilter.org \
--cc=john.stultz@linaro.org \
--cc=mathieu.poirier@linaro.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.