| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Oct 2018 12:15:56 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: Maciej Żenczykowski <zenczykowski@...il.com>
Cc: Chenbo Feng <chenbofeng.kernel@...il.com>,
Linux NetDev <netdev@...r.kernel.org>,
netfilter-devel@...r.kernel.org, kernel-team@...roid.com,
Lorenzo Colitti <lorenzo@...gle.com>,
Chenbo Feng <fengc@...gle.com>,
Maciej Zenczykowski <maze@...gle.com>
Subject: Re: [PATCH net-next] netfilter: xt_quota: fix the behavior of
xt_quota module
On Tue, Oct 02, 2018 at 12:11:19PM +0200, Pablo Neira Ayuso wrote:
> Hi Maciej!
>
[...]
> On Tue, Oct 02, 2018 at 01:24:29AM -0700, Maciej Żenczykowski wrote:
> > > I guess problem is userspace may get a current counter that is larger
> > > than the quota, but we could handle this from userspace iptables to
> > > print a value that equals the quota, ie. from userspace, before
> > > printing:
> >
> > I'm not sure what you mean.
>
> I mean: Instead of using atomic64_set() to set the counter to 1 once
> we went over quota,
incomplete sentence, sorry:
I mean: Instead of using atomic64_set() to set the counter to 1 once
we go overquota, we just keep updating 'consumed' bytes.
ie. we don't express things in 'remaining bytes' logic, but we account
for 'bytes we already consumed'. So we never go negative - I know
understand what you mean about -1... I think we are each other
thinking from our respective approach proposal.
:-)
Thanks!
Powered by blists - more mailing lists