[Devel] [PATCH rh7] netfilter: account x_tables to ub

Fri May 29 05:14:46 PDT 2015

On Fri, May 29, 2015 at 03:07:07PM +0300, Andrew Vagin wrote:
> > +static int recharge_xtables(struct xt_table_info *new, struct xt_table_info *old)
> > +{
> > +	struct user_beancounter *ub, *old_ub;
> > +	long change;
> > +
> > +	ub = new->ub;
> > +	old_ub = old->number ? old->ub : ub;
> > +	change = (long)new->number - (long)old->number;
> > +	if (old_ub != ub) {
> > +		printk(KERN_WARNING "iptables resources are charged"
> > +				" from different UB (%s -> %s)\n",
> > +				old_ub->ub_name, ub->ub_name);
> > +		change = new->number;
> 
> do we need to unchage old->number from old_ub?

We do it below.

> 
> > +	}
> > +
> > +	if (change > 0) {
> > +		if (charge_beancounter(ub, UB_NUMXTENT, change, UB_SOFT))
> > +			return -ENOMEM;
> > +	} else if (change < 0)
> > +		uncharge_beancounter(ub, UB_NUMXTENT, -change);
> > +
> > +	if (old_ub != ub)
> > +		uncharge_beancounter(old_ub, UB_NUMXTENT, old->number);
> > +
> > +	return 0;
> > +}