From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Alexey Perevalov <a.perevalov@samsung.com>
Cc: alexey.perevalov@hotmail.com, mathieu.poirier@linaro.org,
netfilter-devel@vger.kernel.org, kyungmin.park@samsung.com,
hs81.go@samsung.com
Subject: Re: [PATCH] nfacct: add filter in to the list operation
Date: Tue, 26 Aug 2014 21:45:01 +0200 [thread overview]
Message-ID: <20140826194501.GA4789@salvia> (raw)
In-Reply-To: <1407322384-4655-2-git-send-email-a.perevalov@samsung.com>
Hi Alexey,
I need some minor comestic changes, please address them and resubmit.
See below.
On Wed, Aug 06, 2014 at 02:53:04PM +0400, Alexey Perevalov wrote:
> Filter feature is working through NFACCT_FILTER netlink attribute.
> If kernel doesn't support it, client will not get an error
> and silently will work as before.
Could you add some example usage to the description? Users google for
this, it will be helpful to them.
> Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
> ---
> include/linux/netfilter/nfnetlink_acct.h | 8 ++++
> src/nfacct.c | 62 ++++++++++++++++++++++++++++++
> 2 files changed, 70 insertions(+)
>
> diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h
> index 44dcd17..7542c70 100644
> --- a/include/linux/netfilter/nfnetlink_acct.h
> +++ b/include/linux/netfilter/nfnetlink_acct.h
> @@ -28,10 +28,18 @@ enum nfnl_acct_type {
> NFACCT_USE,
> NFACCT_FLAGS,
> NFACCT_QUOTA,
> + NFACCT_FILTER,
> __NFACCT_MAX
> };
> #define NFACCT_MAX (__NFACCT_MAX - 1)
>
> +enum nfnl_attr_filter_type {
> + NFACCT_FILTER_ATTR_UNSPEC,
> + NFACCT_FILTER_ATTR_MASK,
> + NFACCT_FILTER_ATTR_VALUE,
> + __NFACCT_FILTER_ATTR_MAX
> +};
> +
> #ifdef __KERNEL__
>
> struct nf_acct;
> diff --git a/src/nfacct.c b/src/nfacct.c
> index 091a5c9..860436d 100644
> --- a/src/nfacct.c
> +++ b/src/nfacct.c
> @@ -166,6 +166,49 @@ err:
> return MNL_CB_OK;
> }
>
> +enum filter_selection {
> + NFACCT_FILTER_UNSPEC,
> + NFACCT_FILTER_COUNTERS,
> + NFACCT_FILTER_QUOTA_BYTES,
> + NFACCT_FILTER_QUOTA_PACKETS,
> + NFACCT_FILTER_OVERQUOTA,
> +};
> +
> +#define NFACCT_F_QUOTAS (NFACCT_F_QUOTA_BYTES | NFACCT_F_QUOTA_PKTS)
> +
> +static void nlmsg_build_filter_payload(enum filter_selection *selection,
> + struct nlmsghdr *nlh)
> +{
> + struct nlattr *nest;
> + uint32_t mask = 0, value = 0;
> +
> + if (!selection || *selection == NFACCT_FILTER_UNSPEC)
> + return;
You can use selection == NFACCT_FILTER_UNSPEC instead of !selection,
so you can skip the use of the pointer.
> +
> + nest = mnl_attr_nest_start(nlh, NFACCT_FILTER);
> + if (nest == NULL)
> + return;
> +
> + if (*selection == NFACCT_FILTER_QUOTA_BYTES) {
> + mask = NFACCT_F_QUOTA_BYTES;
> + value = NFACCT_F_QUOTA_BYTES;
> + } else if (*selection == NFACCT_FILTER_QUOTA_PACKETS) {
> + mask = NFACCT_F_QUOTA_PKTS;
> + value = NFACCT_F_QUOTA_PKTS;
> + } else if (*selection == NFACCT_FILTER_COUNTERS) {
> + mask = NFACCT_F_QUOTAS;
> + value = 0; /* counters isn't quotas */
> + } else if (*selection == NFACCT_FILTER_OVERQUOTA) {
> + mask = NFACCT_F_OVERQUOTA;
> + value = NFACCT_F_OVERQUOTA;
> + }
> +
> + mnl_attr_put_u32(nlh, NFACCT_FILTER_ATTR_MASK, mask);
> + mnl_attr_put_u32(nlh, NFACCT_FILTER_ATTR_VALUE, value);
> +
> + mnl_attr_nest_end(nlh, nest);
> +}
> +
> static int nfacct_cmd_list(int argc, char *argv[])
> {
> bool zeroctr = false, xml = false;
> @@ -174,12 +217,30 @@ static int nfacct_cmd_list(int argc, char *argv[])
> struct nlmsghdr *nlh;
> unsigned int seq, portid;
> int ret, i;
> + enum filter_selection selection = NFACCT_FILTER_UNSPEC;
> + struct nfacct *nfacct = nfacct_alloc();
> +
> + if (nfacct == NULL) {
> + nfacct_perror("OOM");
> + return -1;
> + }
>
> for (i=2; i<argc; i++) {
> if (strncmp(argv[i], "reset", strlen(argv[i])) == 0) {
> zeroctr = true;
> } else if (strncmp(argv[i], "xml", strlen(argv[i])) == 0) {
> xml = true;
> + } else if (strncmp(argv[i], "counters", strlen(argv[i])) == 0) {
> + selection = NFACCT_FILTER_COUNTERS;
> + } else if (strncmp(argv[i], "byte_quotas", strlen(argv[i]))
quota-byte instead of byte_quotas.
> + == 0) {
> + selection = NFACCT_FILTER_QUOTA_BYTES;
> + } else if (strncmp(argv[i], "packet_quotas", strlen(argv[i]))
quota-packet instead.
> + == 0) {
> + selection = NFACCT_FILTER_QUOTA_PACKETS;
> + } else if (strncmp(argv[i], "overquota", strlen(argv[i]))
> + == 0) {
> + selection = NFACCT_FILTER_OVERQUOTA;
> } else {
> nfacct_perror("unknown argument");
> return -1;
> @@ -192,6 +253,7 @@ static int nfacct_cmd_list(int argc, char *argv[])
> NFNL_MSG_ACCT_GET,
> NLM_F_DUMP, seq);
>
> + nlmsg_build_filter_payload(&selection, nlh);
> nl = mnl_socket_open(NETLINK_NETFILTER);
> if (nl == NULL) {
> nfacct_perror("mnl_socket_open");
> --
> 1.7.9.5
>
next prev parent reply other threads:[~2014-08-26 19:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-06 10:53 [PATCH] nfacct: add filter in to the list operation Alexey Perevalov
2014-08-06 10:53 ` Alexey Perevalov
2014-08-26 19:45 ` Pablo Neira Ayuso [this message]
2014-09-07 6:32 ` Alexey Perevalov
2014-09-07 6:33 ` [PATCH V2] " Alexey Perevalov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140826194501.GA4789@salvia \
--to=pablo@netfilter.org \
--cc=a.perevalov@samsung.com \
--cc=alexey.perevalov@hotmail.com \
--cc=hs81.go@samsung.com \
--cc=kyungmin.park@samsung.com \
--cc=mathieu.poirier@linaro.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).