diff options
| author | Mathieu Poirier <mathieu.poirier@linaro.org> | 2014-04-20 18:57:36 -0600 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-29 18:25:14 +0200 |
| commit | 683399eddb9fff742b1a14c5a5d03e12bfc0afff (patch) | |
| tree | e810034ef24dd4f9a57cd9c3137563050bfa7015 /net/netfilter/xt_nfacct.c | |
| parent | 1404c3ab9810ab155db5e5368af69d4b20ea5aab (diff) | |
netfilter: nfnetlink_acct: Adding quota support to accounting framework
nfacct objects already support accounting at the byte and packet
level. As such it is a natural extension to add the possiblity to
define a ceiling limit for both metrics.
All the support for quotas itself is added to nfnetlink acctounting
framework to stay coherent with current accounting object management.
Quota limit checks are implemented in xt_nfacct filter where
statistic collection is already done.
Pablo Neira Ayuso has also contributed to this feature.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/xt_nfacct.c')
| -rw-r--r-- | net/netfilter/xt_nfacct.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/netfilter/xt_nfacct.c b/net/netfilter/xt_nfacct.c index b3be0ef21f19..8c646ed9c921 100644 --- a/net/netfilter/xt_nfacct.c +++ b/net/netfilter/xt_nfacct.c @@ -21,11 +21,14 @@ MODULE_ALIAS("ip6t_nfacct"); static bool nfacct_mt(const struct sk_buff *skb, struct xt_action_param *par) { + int overquota; const struct xt_nfacct_match_info *info = par->targinfo; nfnl_acct_update(skb, info->nfacct); - return true; + overquota = nfnl_acct_overquota(skb, info->nfacct); + + return overquota == NFACCT_UNDERQUOTA ? false : true; } static int |