From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 02/06: nfnetlink_log: fix per-rule qthreshold override
Date: Tue, 24 Feb 2009 15:52:46 +0100 (MET) [thread overview]
Message-ID: <20090224145246.9789.79896.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20090224145243.9789.60678.sendpatchset@x2.localnet>
commit 5ca431f9ae8db8c6edb9c64bebe6d6521077afd6
Author: Eric Leblond <eric@inl.fr>
Date: Wed Feb 18 15:29:23 2009 +0100
netfilter: nfnetlink_log: fix per-rule qthreshold override
In NFLOG the per-rule qthreshold should overrides per-instance only
it is set. With current code, the per-rule qthreshold is 1 if not set
and it overrides the per-instance qthreshold.
This patch modifies the default xt_NFLOG threshold from 1 to
0. Thus a value of 0 means there is no per-rule setting and the instance
parameter has to apply.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
index cdcd0ed..4b36aeb 100644
--- a/include/linux/netfilter/xt_NFLOG.h
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -2,7 +2,7 @@
#define _XT_NFLOG_TARGET
#define XT_NFLOG_DEFAULT_GROUP 0x1
-#define XT_NFLOG_DEFAULT_THRESHOLD 1
+#define XT_NFLOG_DEFAULT_THRESHOLD 0
#define XT_NFLOG_MASK 0x0
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index fa49dc7..580b837 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -590,8 +590,10 @@ nfulnl_log_packet(u_int8_t pf,
qthreshold = inst->qthreshold;
/* per-rule qthreshold overrides per-instance */
- if (qthreshold > li->u.ulog.qthreshold)
- qthreshold = li->u.ulog.qthreshold;
+ if (li->u.ulog.qthreshold)
+ if (qthreshold > li->u.ulog.qthreshold)
+ qthreshold = li->u.ulog.qthreshold;
+
switch (inst->copy_mode) {
case NFULNL_COPY_META:
next prev parent reply other threads:[~2009-02-24 14:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-24 14:52 netfilter 00/06: netfilter fixes Patrick McHardy
2009-02-24 14:52 ` netfilter 01/06: nf_conntrack_ipv6: fix nf_log_packet message in icmpv6 conntrack Patrick McHardy
2009-02-24 14:52 ` Patrick McHardy [this message]
2009-02-24 14:52 ` netfilter 03/06: nfnetlink_log: fix timeout handling Patrick McHardy
2009-02-24 14:52 ` netfilter 04/06: nf_conntrack: don't try to deliver events for untracked connections Patrick McHardy
2009-02-24 14:52 ` netfilter 05/06: make proc/net/ip* print names from foreign NFPROTO Patrick McHardy
2009-02-24 14:52 ` netfilter 06/06: xt_recent: fix proc-file addition/removal of IPv4 addresses Patrick McHardy
2009-02-24 21:50 ` netfilter 00/06: netfilter fixes David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090224145246.9789.79896.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.