diff options
| author | Mathieu Poirier <mathieu.poirier@linaro.org> | 2014-04-20 20:57:36 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-29 12:25:14 -0400 |
| commit | 683399eddb9fff742b1a14c5a5d03e12bfc0afff (patch) | |
| tree | e810034ef24dd4f9a57cd9c3137563050bfa7015 /include/uapi/linux | |
| parent | 1404c3ab9810ab155db5e5368af69d4b20ea5aab (diff) | |
netfilter: nfnetlink_acct: Adding quota support to accounting framework
nfacct objects already support accounting at the byte and packet
level. As such it is a natural extension to add the possiblity to
define a ceiling limit for both metrics.
All the support for quotas itself is added to nfnetlink acctounting
framework to stay coherent with current accounting object management.
Quota limit checks are implemented in xt_nfacct filter where
statistic collection is already done.
Pablo Neira Ayuso has also contributed to this feature.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/netfilter/nfnetlink.h | 2 | ||||
| -rw-r--r-- | include/uapi/linux/netfilter/nfnetlink_acct.h | 9 |
2 files changed, 11 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink.h b/include/uapi/linux/netfilter/nfnetlink.h index 596ddd45253c..354a7e5e50f2 100644 --- a/include/uapi/linux/netfilter/nfnetlink.h +++ b/include/uapi/linux/netfilter/nfnetlink.h | |||
| @@ -20,6 +20,8 @@ enum nfnetlink_groups { | |||
| 20 | #define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY | 20 | #define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY |
| 21 | NFNLGRP_NFTABLES, | 21 | NFNLGRP_NFTABLES, |
| 22 | #define NFNLGRP_NFTABLES NFNLGRP_NFTABLES | 22 | #define NFNLGRP_NFTABLES NFNLGRP_NFTABLES |
| 23 | NFNLGRP_ACCT_QUOTA, | ||
| 24 | #define NFNLGRP_ACCT_QUOTA NFNLGRP_ACCT_QUOTA | ||
| 23 | __NFNLGRP_MAX, | 25 | __NFNLGRP_MAX, |
| 24 | }; | 26 | }; |
| 25 | #define NFNLGRP_MAX (__NFNLGRP_MAX - 1) | 27 | #define NFNLGRP_MAX (__NFNLGRP_MAX - 1) |
diff --git a/include/uapi/linux/netfilter/nfnetlink_acct.h b/include/uapi/linux/netfilter/nfnetlink_acct.h index c7b6269e760b..51404ec19022 100644 --- a/include/uapi/linux/netfilter/nfnetlink_acct.h +++ b/include/uapi/linux/netfilter/nfnetlink_acct.h | |||
| @@ -10,15 +10,24 @@ enum nfnl_acct_msg_types { | |||
| 10 | NFNL_MSG_ACCT_GET, | 10 | NFNL_MSG_ACCT_GET, |
| 11 | NFNL_MSG_ACCT_GET_CTRZERO, | 11 | NFNL_MSG_ACCT_GET_CTRZERO, |
| 12 | NFNL_MSG_ACCT_DEL, | 12 | NFNL_MSG_ACCT_DEL, |
| 13 | NFNL_MSG_ACCT_OVERQUOTA, | ||
| 13 | NFNL_MSG_ACCT_MAX | 14 | NFNL_MSG_ACCT_MAX |
| 14 | }; | 15 | }; |
| 15 | 16 | ||
| 17 | enum nfnl_acct_flags { | ||
| 18 | NFACCT_F_QUOTA_PKTS = (1 << 0), | ||
| 19 | NFACCT_F_QUOTA_BYTES = (1 << 1), | ||
| 20 | NFACCT_F_OVERQUOTA = (1 << 2), /* can't be set from userspace */ | ||
| 21 | }; | ||
| 22 | |||
| 16 | enum nfnl_acct_type { | 23 | enum nfnl_acct_type { |
| 17 | NFACCT_UNSPEC, | 24 | NFACCT_UNSPEC, |
| 18 | NFACCT_NAME, | 25 | NFACCT_NAME, |
| 19 | NFACCT_PKTS, | 26 | NFACCT_PKTS, |
| 20 | NFACCT_BYTES, | 27 | NFACCT_BYTES, |
| 21 | NFACCT_USE, | 28 | NFACCT_USE, |
| 29 | NFACCT_FLAGS, | ||
| 30 | NFACCT_QUOTA, | ||
| 22 | __NFACCT_MAX | 31 | __NFACCT_MAX |
| 23 | }; | 32 | }; |
| 24 | #define NFACCT_MAX (__NFACCT_MAX - 1) | 33 | #define NFACCT_MAX (__NFACCT_MAX - 1) |