anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-20 11:34:57 +02:00
Code Issues Releases Wiki Activity

quota2: add a no-change mode

Browse Source 
This commit adds an option to xt_quota2 called "no-change". The
effect of this option, when used, is that it will skip incrementing
or decrementing the quota counter, effectively providing a quota test
only.

The reason for implementing this is so that I could have a rule check
if quota is available for a rule in the PREROUTING tables, without
actually decrementing the amount of available quota. I only wanted to
decrement the amount of available quota in the FORWARD rule.
Otherwise, the first packet of every connection would be counted
twice.
This commit is contained in:
Michael Farrell
2009-12-29 01:53:57 +10:30
committed by Jan Engelhardt
parent c82da14d2b
commit 7952a7d253
5 changed files with 44 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
extensions/libxt_quota2.c
View File

@@ -17,17 +17,19 @@
#include "xt_quota2.h"
enum {
FL_QUOTA = 1 << 0,
FL_NAME = 1 << 1,
FL_GROW = 1 << 2,
FL_PACKET = 1 << 3,
FL_QUOTA = 1 << 0,
FL_NAME = 1 << 1,
FL_GROW = 1 << 2,
FL_PACKET = 1 << 3,
FL_NO_CHANGE = 1 << 4,
};
static const struct option quota_mt2_opts[] = {
{.name = "grow", .has_arg = false, .val = 'g'},
{.name = "name", .has_arg = true, .val = 'n'},
{.name = "quota", .has_arg = true, .val = 'q'},
{.name = "packets", .has_arg = false, .val = 'p'},
{.name = "grow", .has_arg = false, .val = 'g'},
{.name = "no-change", .has_arg = false, .val = 'c'},
{.name = "name", .has_arg = true, .val = 'n'},
{.name = "quota", .has_arg = true, .val = 'q'},
{.name = "packets", .has_arg = false, .val = 'p'},
{NULL},
};
@@ -36,6 +38,7 @@ static void quota_mt2_help(void)
printf(
"quota match options:\n"
" --grow provide an increasing counter\n"
" --no-change never change counter/quota value for matching packets\n"
" --name name name for the file in sysfs\n"
"[!] --quota quota initial quota (bytes or packets)\n"
" --packets count packets instead of bytes\n"
@@ -56,6 +59,12 @@ quota_mt2_parse(int c, char **argv, int invert, unsigned int *flags,
info->flags |= XT_QUOTA_GROW;
*flags |= FL_GROW;
return true;
case 'c': /* no-change */
xtables_param_act(XTF_ONLY_ONCE, "quota", "--no-change", *flags & FL_NO_CHANGE);
xtables_param_act(XTF_NO_INVERT, "quota", "--no-change", invert);
info->flags |= XT_QUOTA_NO_CHANGE;
*flags |= FL_NO_CHANGE;
return true;
case 'n':
/* zero termination done on behalf of the kernel module */
xtables_param_act(XTF_ONLY_ONCE, "quota", "--name", *flags & FL_NAME);
@@ -92,6 +101,8 @@ quota_mt2_save(const void *ip, const struct xt_entry_match *match)
printf("! ");
if (q->flags & XT_QUOTA_GROW)
printf("--grow ");
if (q->flags & XT_QUOTA_NO_CHANGE)
printf("--no-change ");
if (q->flags & XT_QUOTA_PACKET)
printf("--packets ");
if (*q->name != '\0')
@@ -117,6 +128,8 @@ static void quota_mt2_print(const void *ip, const struct xt_entry_match *match,
printf("packets ");
else
printf("bytes ");
if (q->flags & XT_QUOTA_NO_CHANGE)
printf("(no-change mode) ");
}
static struct xtables_match quota_mt2_reg = {