07 Aug, 2015

1 commit

• 3499abb24   netfilter: nfacct: per network namespace support ... Browse Code »

  - Move the nfnl_acct_list into the network namespace, initialize
  and destroy it per namespace
  - Keep track of refcnt on nfacct objects, the old logic does not
  longer work with a per namespace list
  - Adjust xt_nfacct to pass the namespace when registring objects

  Signed-off-by: Andreas Schultz
  Signed-off-by: Pablo Neira Ayuso

  Andreas Schultz

  2015-08-07 17:50:56 +0800  

30 Apr, 2014

1 commit

• 683399edd   netfilter: nfnetlink_acct: Adding quota support to accounting framework ... Browse Code »

  nfacct objects already support accounting at the byte and packet
  level. As such it is a natural extension to add the possiblity to
  define a ceiling limit for both metrics.

  All the support for quotas itself is added to nfnetlink acctounting
  framework to stay coherent with current accounting object management.
  Quota limit checks are implemented in xt_nfacct filter where
  statistic collection is already done.

  Pablo Neira Ayuso has also contributed to this feature.

  Signed-off-by: Mathieu Poirier
  Signed-off-by: Pablo Neira Ayuso

  Mathieu Poirier

  2014-04-30 00:25:14 +0800  

25 Dec, 2011

1 commit

• ceb98d03e   netfilter: xtables: add nfacct match to support extended accounting ... Browse Code »

  This patch adds the match that allows to perform extended
  accounting. It requires the new nfnetlink_acct infrastructure.

  # iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
  # iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic

  Signed-off-by: Pablo Neira Ayuso

  Pablo Neira Ayuso

  2011-12-25 09:43:17 +0800