[netfilter-cvslog] r3862 - trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Fri Apr 15 11:30:42 CEST 2005 

Author: laforge at netfilter.org
Date: 2005-04-15 11:30:41 +0200 (Fri, 15 Apr 2005)
New Revision: 3862

Modified:
   trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c
Log:
fix quota: count size of IP header on 2.6.x (Pablo Neira)


Modified: trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c	2005-04-15 09:30:08 UTC (rev 3861)
+++ trunk/patch-o-matic-ng/quota/linux-2.6/net/ipv4/netfilter/ipt_quota.c	2005-04-15 09:30:41 UTC (rev 3862)
@@ -27,22 +27,19 @@
 {
         struct ipt_quota_info *q = 
 		((struct ipt_quota_info *) matchinfo)->master;
-	unsigned int datalen;
 
 	if (skb->len < sizeof(struct iphdr))
 		return NF_ACCEPT;
 	
-	datalen = skb->len - skb->nh.iph->ihl*4;
-
         spin_lock_bh(&quota_lock);
 
-        if (q->quota >= datalen) {
+        if (q->quota >= skb->len) {
                 /* we can afford this one */
-                q->quota -= datalen;
+                q->quota -= skb->len;
                 spin_unlock_bh(&quota_lock);
 
 #ifdef DEBUG_IPT_QUOTA
-                printk("IPT Quota OK: %llu datlen %d \n", q->quota, datalen);
+                printk("IPT Quota OK: %llu datlen %d \n", q->quota, skb->len);
 #endif
                 return 1;
         }
@@ -51,7 +48,7 @@
         q->quota = 0;
 
 #ifdef DEBUG_IPT_QUOTA
-        printk("IPT Quota Failed: %llu datlen %d \n", q->quota, datalen);
+        printk("IPT Quota Failed: %llu datlen %d \n", q->quota, skb->len);
 #endif
 
         spin_unlock_bh(&quota_lock);

More information about the netfilter-cvslog mailing list