This is based on the JSON support patch of libnetfilter_acct.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Filter feature is working through NFACCT_FILTER netlink attribute.
If the kernel doesn't support it, the client will not get an error
and will silently work as before.
This patch adds the following command line arguments: counters, overquota,
bytes-quota, pkts-quota, which could be used with the list operation.
Combination of these command line options isn't allowed.
For example:
user@root:/#nfacct list counters
will show counters without byte/packet based quota
user@root:/#nfacct list reset overquota
will reset value for overquoted counters only
Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

It was possible to specify several equal options for list operation.
Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

The EOF character alone should determine the end of input during
restore operations.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Simplify the code that was added in ba16753 ("nfacct: adding quota
capabilities").
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

The accounting framework now supports quota at the packet and byte
level. The tool is simply enhanced with two optional arguments to
specify whether accounting is for byte or packet and the limit
associated with each. Also adding a monitor mode that listens for
quota attainment notification.
Examples:
/* create an accounting object that isn't associated to a quota */
$ nfacct add first_no_quota
/* create a quota object with byte count limited to 50 byte */
$ nfacct add second_quota byte 50
/* create a quota object with packet count limited to 5 */
$ nfacct add third_quota packet 5
From there the accounting objects can be used in iptables the same
way as they did before:
/* limit the number of icmp packets allowed through the OUTPUT chain */
$ iptables -I OUTPUT -p icmp -m nfacct --nfacct-name third_quota -j REJECT
/* listening for quota attainment notification */
$ nfacct monitor
Everything else works the same way.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

They are 64 bits long, not 32 bits long.
Based on patch from Mr Dash Four.
Reported-by: Mr Dash Four <mr.dash.four@googlemail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch adds a 'restore' command to nfacct commands. It takes
the output of 'list' command and uses it to restore the counters.
Basically, the user can save the counter with:
nfacct list >nfacct.dump
And restore them with:
nfacct restore <nfacct.dump
Signed-off-by: Eric Leblond <eric@regit.org>

This patch fixes a small typo in the command line parsing.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

This patch allows you to make:
nfacct get http-traffic xml
to obtain the statistics in XML format.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

SuSE (via Jan Engelhardt) reported that nfacct.c header was not
consistent with the COPYING file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

nfacct get example lala
now gracefully fails.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

More robust behaviour, display error if you pass more arguments
than required.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>