[netfilter-cvslog] r3861 - in trunk/patch-o-matic-ng/quota: .
linux/include/linux/netfilter_ipv4 linux/net/ipv4/netfilter
linux-2.6/include/linux/netfilter_ipv4 linux-2.6/net/ipv4/netfilter
laforge at netfilter.org
laforge at netfilter.org
Fri Apr 15 11:30:08 CEST 2005
Author: laforge at netfilter.org
Date: 2005-04-15 11:30:08 +0200 (Fri, 15 Apr 2005)
New Revision: 3861
Modified:
trunk/patch-o-matic-ng/quota/help
trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h
trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c
trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h
trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c
Log:
fix quota match on SMP (Pablo Neira)
Modified: trunk/patch-o-matic-ng/quota/help
===================================================================
--- trunk/patch-o-matic-ng/quota/help 2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/help 2005-04-15 09:30:08 UTC (rev 3861)
@@ -4,6 +4,3 @@
Supported options are:
--quota <bytes>
The quota in bytes.
-
-KNOWN BUGS: this does not work on SMP systems.
-
Modified: trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h
===================================================================
--- trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h 2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux/include/linux/netfilter_ipv4/ipt_quota.h 2005-04-15 09:30:08 UTC (rev 3861)
@@ -6,6 +6,7 @@
struct ipt_quota_info {
u_int64_t quota;
+ struct ipt_quota_info *master;
};
#endif /*_IPT_QUOTA_H*/
Modified: trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c 2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux/net/ipv4/netfilter/ipt_quota.c 2005-04-15 09:30:08 UTC (rev 3861)
@@ -2,6 +2,8 @@
* netfilter module to enforce network quotas
*
* Sam Johnston <samj at samj.net>
+ *
+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo at eurodev.net>
*/
#include <linux/module.h>
#include <linux/skbuff.h>
@@ -22,9 +24,9 @@
const void *matchinfo,
int offset, const void *hdr, u_int16_t datalen, int *hotdrop)
{
+ struct ipt_quota_info *q =
+ ((struct ipt_quota_info *) matchinfo)->master;
- struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
-
spin_lock_bh("a_lock);
if (q->quota >= datalen) {
@@ -55,8 +57,13 @@
void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
{
/* TODO: spinlocks? sanity checks? */
+ struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+
if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
return 0;
+
+ /* For SMP, we only want to use one set of counters. */
+ q->master = q;
return 1;
}
Modified: trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h
===================================================================
--- trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h 2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h 2005-04-15 09:30:08 UTC (rev 3861)
@@ -6,6 +6,7 @@
struct ipt_quota_info {
u_int64_t quota;
+ struct ipt_quota_info *master;
};
#endif /*_IPT_QUOTA_H*/
Modified: trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c 2005-04-15 08:20:23 UTC (rev 3860)
+++ trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c 2005-04-15 09:30:08 UTC (rev 3861)
@@ -2,6 +2,8 @@
* netfilter module to enforce network quotas
*
* Sam Johnston <samj at samj.net>
+ *
+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo at eurodev.net>
*/
#include <linux/module.h>
#include <linux/skbuff.h>
@@ -23,7 +25,8 @@
const void *matchinfo,
int offset, int *hotdrop)
{
- struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+ struct ipt_quota_info *q =
+ ((struct ipt_quota_info *) matchinfo)->master;
unsigned int datalen;
if (skb->len < sizeof(struct iphdr))
@@ -61,8 +64,13 @@
void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
{
/* TODO: spinlocks? sanity checks? */
+ struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+
if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
return 0;
+
+ /* For SMP, we only want to use one set of counters. */
+ q->master = q;
return 1;
}
More information about the netfilter-cvslog
mailing list