[PATCH POM-NG] fix quota on SMP

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH POM-NG] fix quota on SMP
@ 2005-04-12 15:19 Pablo Neira
  2005-04-15  9:26 ` Harald Welte
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira @ 2005-04-12 15:19 UTC (permalink / raw)
  To: Netfilter Development Mailinglist

[-- Attachment #1: Type: text/plain, Size: 333 bytes --]

This patch fixes quota on SMP boxes.

o 01-24.patch: For 2.4.x
o 01-26.patch: For 2.6.x
o 02kill-ip-discount.patch: quota doesn't count the size of the IP 
header on 2.6.x.
o quota-iptables.patch: iptables requires this patch to fix SMP for quota.
o x-help: remove `quota is broken on SMP' warning that isn't true anymore.

--
Pablo

[-- Attachment #2: 01-24.patch --]
[-- Type: text/x-patch, Size: 1599 bytes --]

Index: linux/include/linux/netfilter_ipv4/ipt_quota.h
===================================================================
--- linux/include/linux/netfilter_ipv4/ipt_quota.h	(revision 3598)
+++ linux/include/linux/netfilter_ipv4/ipt_quota.h	(working copy)
@@ -6,6 +6,7 @@
 
 struct ipt_quota_info {
         u_int64_t quota;
+	struct ipt_quota_info *master;
 };
 
 #endif /*_IPT_QUOTA_H*/
Index: linux/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- linux/net/ipv4/netfilter/ipt_quota.c	(revision 3598)
+++ linux/net/ipv4/netfilter/ipt_quota.c	(working copy)
@@ -2,6 +2,8 @@
  * netfilter module to enforce network quotas
  *
  * Sam Johnston <samj@samj.net>
+ *
+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo@eurodev.net>
  */
 #include <linux/module.h>
 #include <linux/skbuff.h>
@@ -22,9 +24,9 @@
       const void *matchinfo,
       int offset, const void *hdr, u_int16_t datalen, int *hotdrop)
 {
+	struct ipt_quota_info *q =
+		((struct ipt_quota_info *) matchinfo)->master;
 
-        struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
-
         spin_lock_bh(&quota_lock);
 
         if (q->quota >= datalen) {
@@ -55,8 +57,13 @@
            void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
 {
         /* TODO: spinlocks? sanity checks? */
+	struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+
         if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
                 return 0;
+	
+	/* For SMP, we only want to use one set of counters. */
+	q->master = q;
 
         return 1;
 }

[-- Attachment #3: 01-26.patch --]
[-- Type: text/x-patch, Size: 1582 bytes --]

Index: linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h
===================================================================
--- linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h	(revision 3598)
+++ linux-2.6/include/linux/netfilter_ipv4/ipt_quota.h	(working copy)
@@ -6,6 +6,7 @@
 
 struct ipt_quota_info {
         u_int64_t quota;
+	struct ipt_quota_info *master;
 };
 
 #endif /*_IPT_QUOTA_H*/
Index: linux-2.6/net/ipv4/netfilter/ipt_quota.c
===================================================================
--- linux-2.6/net/ipv4/netfilter/ipt_quota.c	(revision 3598)
+++ linux-2.6/net/ipv4/netfilter/ipt_quota.c	(working copy)
@@ -2,6 +2,8 @@
  * netfilter module to enforce network quotas
  *
  * Sam Johnston <samj@samj.net>
+ *
+ * 30/01/05: Fixed on SMP --Pablo Neira <pablo@eurodev.net>
  */
 #include <linux/module.h>
 #include <linux/skbuff.h>
@@ -23,7 +25,8 @@
       const void *matchinfo,
       int offset, int *hotdrop)
 {
-        struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+        struct ipt_quota_info *q = 
+		((struct ipt_quota_info *) matchinfo)->master;
 	unsigned int datalen;
 
 	if (skb->len < sizeof(struct iphdr))
@@ -61,8 +64,13 @@
            void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
 {
         /* TODO: spinlocks? sanity checks? */
+	struct ipt_quota_info *q = (struct ipt_quota_info *) matchinfo;
+
         if (matchsize != IPT_ALIGN(sizeof (struct ipt_quota_info)))
                 return 0;
+	
+	/* For SMP, we only want to use one set of counters. */
+	q->master = q;
 
         return 1;
 }

[-- Attachment #4: 02kill-ip-discount.patch --]
[-- Type: text/x-patch, Size: 1188 bytes --]

--- linux-2.5/net/ipv4/netfilter/ipt_quota.c.orig	2005-04-06 20:25:16.000000000 +0200
+++ linux-2.5/net/ipv4/netfilter/ipt_quota.c	2005-04-06 20:26:48.000000000 +0200
@@ -27,22 +27,19 @@
 {
         struct ipt_quota_info *q = 
 		((struct ipt_quota_info *) matchinfo)->master;
-	unsigned int datalen;
 
 	if (skb->len < sizeof(struct iphdr))
 		return NF_ACCEPT;
 	
-	datalen = skb->len - skb->nh.iph->ihl*4;
-
         spin_lock_bh(&quota_lock);
 
-        if (q->quota >= datalen) {
+        if (q->quota >= skb->len) {
                 /* we can afford this one */
-                q->quota -= datalen;
+                q->quota -= skb->len;
                 spin_unlock_bh(&quota_lock);
 
 #ifdef DEBUG_IPT_QUOTA
-                printk("IPT Quota OK: %llu datlen %d \n", q->quota, datalen);
+                printk("IPT Quota OK: %llu datlen %d \n", q->quota, skb->len);
 #endif
                 return 1;
         }
@@ -51,7 +48,7 @@
         q->quota = 0;
 
 #ifdef DEBUG_IPT_QUOTA
-        printk("IPT Quota Failed: %llu datlen %d \n", q->quota, datalen);
+        printk("IPT Quota Failed: %llu datlen %d \n", q->quota, skb->len);
 #endif
 
         spin_unlock_bh(&quota_lock);

[-- Attachment #5: x-help --]
[-- Type: text/plain, Size: 261 bytes --]

Index: help
===================================================================
--- help	(revision 3598)
+++ help	(working copy)
@@ -4,6 +4,3 @@
 Supported options are:
 --quota <bytes>
   The quota in bytes.
-
-KNOWN BUGS: this does not work on SMP systems.
-

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH POM-NG] fix quota on SMP
  2005-04-12 15:19 [PATCH POM-NG] fix quota on SMP Pablo Neira
@ 2005-04-15  9:26 ` Harald Welte
  0 siblings, 0 replies; 2+ messages in thread
From: Harald Welte @ 2005-04-15  9:26 UTC (permalink / raw)
  To: Pablo Neira; +Cc: Netfilter Development Mailinglist

[-- Attachment #1: Type: text/plain, Size: 954 bytes --]

On Tue, Apr 12, 2005 at 05:19:04PM +0200, Pablo Neira wrote:
> This patch fixes quota on SMP boxes.
> 
> o 01-24.patch: For 2.4.x
> o 01-26.patch: For 2.6.x
> o 02kill-ip-discount.patch: quota doesn't count the size of the IP header on 
> 2.6.x.
> o quota-iptables.patch: iptables requires this patch to fix SMP for quota.
> o x-help: remove `quota is broken on SMP' warning that isn't true anymore.

thanks, applied.

btw: I would appreciate if you would submit all hunks that belong to one
issue (e.g. 01-24, 01-26 and x-help in this example) as one single
patch.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2005-04-15  9:26 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-04-12 15:19 [PATCH POM-NG] fix quota on SMP Pablo Neira
2005-04-15  9:26 ` Harald Welte

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.