[netfilter-cvslog] r3861 - in trunk/patch-o-matic-ng/quota: . linux/include/linux/netfilter_ipv4 linux/net/ipv4/netfilter linux-2.6/include/linux/netfilter_ipv4 linux-2.6/net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Fri Apr 15 11:30:08 CEST 2005


Author: laforge at netfilter.org
Date: 2005-04-15 11:30:08 +0200 (Fri, 15 Apr 2005)
New Revision: 3861

Modified:
   trunk/patch-o-matic-ng/quota/help
   trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h
   trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c
   trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h
   trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c
Log:
fix quota match on SMP (Pablo Neira)


Modified: trunk/patch-o-matic-ng/quota/help
===================================================================
--- trunk/patch-o-matic-ng/quota/help	2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/help	2005-04-15 09:30:08 UTC (rev 3861)
@@ -4,6 +4,3 @@
 Supported options are:
 --quota <bytes>
   The quota in bytes.
-
-KNOWN BUGS: this does not work on SMP systems.
-

Modified: trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h
===================================================================
--- trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h	2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h	2005-04-15 09:30:08 UTC (rev 3861)
@@ -6,6 +6,7 @@
 
 struct ipt_quota_info {
         u_int64_t quota;
+	struct ipt_quota_info *master;
 };
 
 #endif /*_IPT_QUOTA_H*/

Modified: trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c	2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c	2005-04-15 09:30:08 UTC (rev 3861)
@@ -2,6 +2,8 @@
  * netfilter module to enforce network quotas
  *
  * Sam Johnston <samj at samj.net>
+ *
+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo at eurodev.net>
  */
 #include <linux/module.h>
 #include <linux/skbuff.h>
@@ -22,9 +24,9 @@
       const void *matchinfo,
       int offset, const void *hdr, u_int16_t datalen, int *hotdrop)
 {
+	struct ipt_quota_info *q =
+		((struct ipt_quota_info *) matchinfo)->master;
 
-        struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
-
         spin_lock_bh(&quota_lock);
 
         if (q->quota >= datalen) {
@@ -55,8 +57,13 @@
            void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
 {
         /* TODO: spinlocks? sanity checks? */
+	struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+
         if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
                 return 0;
+	
+	/* For SMP, we only want to use one set of counters. */
+	q->master = q;
 
         return 1;
 }

Modified: trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h
===================================================================
--- trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h	2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h	2005-04-15 09:30:08 UTC (rev 3861)
@@ -6,6 +6,7 @@
 
 struct ipt_quota_info {
         u_int64_t quota;
+	struct ipt_quota_info *master;
 };
 
 #endif /*_IPT_QUOTA_H*/

Modified: trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c	2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c	2005-04-15 09:30:08 UTC (rev 3861)
@@ -2,6 +2,8 @@
  * netfilter module to enforce network quotas
  *
  * Sam Johnston <samj at samj.net>
+ *
+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo at eurodev.net>
  */
 #include <linux/module.h>
 #include <linux/skbuff.h>
@@ -23,7 +25,8 @@
       const void *matchinfo,
       int offset, int *hotdrop)
 {
-        struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+        struct ipt_quota_info *q = 
+		((struct ipt_quota_info *) matchinfo)->master;
 	unsigned int datalen;
 
 	if (skb->len < sizeof(struct iphdr))
@@ -61,8 +64,13 @@
            void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
 {
         /* TODO: spinlocks? sanity checks? */
+	struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+
         if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
                 return 0;
+	
+	/* For SMP, we only want to use one set of counters. */
+	q->master = q;
 
         return 1;
 }




More information about the netfilter-cvslog mailing list