diff options
| author | JP Abgrall <jpa@google.com> | 2011-07-12 12:02:59 -0700 |
|---|---|---|
| committer | Colin Cross <ccross@android.com> | 2012-04-09 13:57:57 -0700 |
| commit | 18913bc477d66183f729862798996381d5c98290 (patch) | |
| tree | ab94db094d58a3413a000745d514025db2992f86 /README | |
| parent | 7f4e01a48b7b050cbd64685bce7d17adf727132c (diff) | |
netfilter: fixup the quota2, and enable.
The xt_quota2 came from
http://sourceforge.net/projects/xtables-addons/develop
It needed tweaking for it to compile within the kernel tree.
Fixed kmalloc() and create_proc_entry() invocations within
a non-interruptible context.
Removed useless copying of current quota back to the iptable's
struct matchinfo:
- those are per CPU: they will change randomly based on which
cpu gets to update the value.
- they prevent matching a rule: e.g.
-A chain -m quota2 --name q1 --quota 123
can't be followed by
-D chain -m quota2 --name q1 --quota 123
as the 123 will be compared to the struct matchinfo's quota member.
Use the NETLINK NETLINK_NFLOG family to log a single message
when the quota limit is reached.
It uses the same packet type as ipt_ULOG, but
- never copies skb data,
- uses 112 as the event number (ULOG's +1)
It doesn't log if the module param "event_num" is 0.
Change-Id: I021d3b743db3b22158cc49acb5c94d905b501492
Signed-off-by: JP Abgrall <jpa@google.com>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions