Commit f7b13e43 authored by Holger Eitzenberger's avatar Holger Eitzenberger Committed by Pablo Neira Ayuso

netfilter: introduce nf_conn_acct structure

Encapsulate counters for both directions into nf_conn_acct. During
that process also consistently name pointers to the extend 'acct',
not 'counters'. This patch is a cleanup.
Signed-off-by: default avatarHolger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 97203abe
...@@ -19,17 +19,21 @@ struct nf_conn_counter { ...@@ -19,17 +19,21 @@ struct nf_conn_counter {
atomic64_t bytes; atomic64_t bytes;
}; };
struct nf_conn_acct {
struct nf_conn_counter counter[IP_CT_DIR_MAX];
};
static inline static inline
struct nf_conn_counter *nf_conn_acct_find(const struct nf_conn *ct) struct nf_conn_acct *nf_conn_acct_find(const struct nf_conn *ct)
{ {
return nf_ct_ext_find(ct, NF_CT_EXT_ACCT); return nf_ct_ext_find(ct, NF_CT_EXT_ACCT);
} }
static inline static inline
struct nf_conn_counter *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp) struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)
{ {
struct net *net = nf_ct_net(ct); struct net *net = nf_ct_net(ct);
struct nf_conn_counter *acct; struct nf_conn_acct *acct;
if (!net->ct.sysctl_acct) if (!net->ct.sysctl_acct)
return NULL; return NULL;
......
...@@ -36,7 +36,7 @@ enum nf_ct_ext_id { ...@@ -36,7 +36,7 @@ enum nf_ct_ext_id {
#define NF_CT_EXT_HELPER_TYPE struct nf_conn_help #define NF_CT_EXT_HELPER_TYPE struct nf_conn_help
#define NF_CT_EXT_NAT_TYPE struct nf_conn_nat #define NF_CT_EXT_NAT_TYPE struct nf_conn_nat
#define NF_CT_EXT_SEQADJ_TYPE struct nf_conn_seqadj #define NF_CT_EXT_SEQADJ_TYPE struct nf_conn_seqadj
#define NF_CT_EXT_ACCT_TYPE struct nf_conn_counter #define NF_CT_EXT_ACCT_TYPE struct nf_conn_acct
#define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache #define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache
#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone #define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone
#define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp #define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp
......
...@@ -39,21 +39,23 @@ static struct ctl_table acct_sysctl_table[] = { ...@@ -39,21 +39,23 @@ static struct ctl_table acct_sysctl_table[] = {
unsigned int unsigned int
seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir) seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir)
{ {
struct nf_conn_counter *acct; struct nf_conn_acct *acct;
struct nf_conn_counter *counter;
acct = nf_conn_acct_find(ct); acct = nf_conn_acct_find(ct);
if (!acct) if (!acct)
return 0; return 0;
counter = acct->counter;
return seq_printf(s, "packets=%llu bytes=%llu ", return seq_printf(s, "packets=%llu bytes=%llu ",
(unsigned long long)atomic64_read(&acct[dir].packets), (unsigned long long)atomic64_read(&counter[dir].packets),
(unsigned long long)atomic64_read(&acct[dir].bytes)); (unsigned long long)atomic64_read(&counter[dir].bytes));
}; };
EXPORT_SYMBOL_GPL(seq_print_acct); EXPORT_SYMBOL_GPL(seq_print_acct);
static struct nf_ct_ext_type acct_extend __read_mostly = { static struct nf_ct_ext_type acct_extend __read_mostly = {
.len = sizeof(struct nf_conn_counter[IP_CT_DIR_MAX]), .len = sizeof(struct nf_conn_acct),
.align = __alignof__(struct nf_conn_counter[IP_CT_DIR_MAX]), .align = __alignof__(struct nf_conn_acct),
.id = NF_CT_EXT_ACCT, .id = NF_CT_EXT_ACCT,
}; };
......
...@@ -1109,12 +1109,14 @@ void __nf_ct_refresh_acct(struct nf_conn *ct, ...@@ -1109,12 +1109,14 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
acct: acct:
if (do_acct) { if (do_acct) {
struct nf_conn_counter *acct; struct nf_conn_acct *acct;
acct = nf_conn_acct_find(ct); acct = nf_conn_acct_find(ct);
if (acct) { if (acct) {
atomic64_inc(&acct[CTINFO2DIR(ctinfo)].packets); struct nf_conn_counter *counter = acct->counter;
atomic64_add(skb->len, &acct[CTINFO2DIR(ctinfo)].bytes);
atomic64_inc(&counter[CTINFO2DIR(ctinfo)].packets);
atomic64_add(skb->len, &counter[CTINFO2DIR(ctinfo)].bytes);
} }
} }
} }
...@@ -1126,13 +1128,15 @@ bool __nf_ct_kill_acct(struct nf_conn *ct, ...@@ -1126,13 +1128,15 @@ bool __nf_ct_kill_acct(struct nf_conn *ct,
int do_acct) int do_acct)
{ {
if (do_acct) { if (do_acct) {
struct nf_conn_counter *acct; struct nf_conn_acct *acct;
acct = nf_conn_acct_find(ct); acct = nf_conn_acct_find(ct);
if (acct) { if (acct) {
atomic64_inc(&acct[CTINFO2DIR(ctinfo)].packets); struct nf_conn_counter *counter = acct->counter;
atomic64_inc(&counter[CTINFO2DIR(ctinfo)].packets);
atomic64_add(skb->len - skb_network_offset(skb), atomic64_add(skb->len - skb_network_offset(skb),
&acct[CTINFO2DIR(ctinfo)].bytes); &counter[CTINFO2DIR(ctinfo)].bytes);
} }
} }
......
...@@ -237,19 +237,21 @@ static int ...@@ -237,19 +237,21 @@ static int
ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct, ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct,
enum ip_conntrack_dir dir, int type) enum ip_conntrack_dir dir, int type)
{ {
struct nf_conn_counter *acct; struct nf_conn_acct *acct;
struct nf_conn_counter *counter;
u64 pkts, bytes; u64 pkts, bytes;
acct = nf_conn_acct_find(ct); acct = nf_conn_acct_find(ct);
if (!acct) if (!acct)
return 0; return 0;
counter = acct->counter;
if (type == IPCTNL_MSG_CT_GET_CTRZERO) { if (type == IPCTNL_MSG_CT_GET_CTRZERO) {
pkts = atomic64_xchg(&acct[dir].packets, 0); pkts = atomic64_xchg(&counter[dir].packets, 0);
bytes = atomic64_xchg(&acct[dir].bytes, 0); bytes = atomic64_xchg(&counter[dir].bytes, 0);
} else { } else {
pkts = atomic64_read(&acct[dir].packets); pkts = atomic64_read(&counter[dir].packets);
bytes = atomic64_read(&acct[dir].bytes); bytes = atomic64_read(&counter[dir].bytes);
} }
return dump_counters(skb, pkts, bytes, dir); return dump_counters(skb, pkts, bytes, dir);
} }
...@@ -530,7 +532,7 @@ ctnetlink_proto_size(const struct nf_conn *ct) ...@@ -530,7 +532,7 @@ ctnetlink_proto_size(const struct nf_conn *ct)
} }
static inline size_t static inline size_t
ctnetlink_counters_size(const struct nf_conn *ct) ctnetlink_acct_size(const struct nf_conn *ct)
{ {
if (!nf_ct_ext_exist(ct, NF_CT_EXT_ACCT)) if (!nf_ct_ext_exist(ct, NF_CT_EXT_ACCT))
return 0; return 0;
...@@ -579,7 +581,7 @@ ctnetlink_nlmsg_size(const struct nf_conn *ct) ...@@ -579,7 +581,7 @@ ctnetlink_nlmsg_size(const struct nf_conn *ct)
+ 3 * nla_total_size(sizeof(u_int8_t)) /* CTA_PROTO_NUM */ + 3 * nla_total_size(sizeof(u_int8_t)) /* CTA_PROTO_NUM */
+ nla_total_size(sizeof(u_int32_t)) /* CTA_ID */ + nla_total_size(sizeof(u_int32_t)) /* CTA_ID */
+ nla_total_size(sizeof(u_int32_t)) /* CTA_STATUS */ + nla_total_size(sizeof(u_int32_t)) /* CTA_STATUS */
+ ctnetlink_counters_size(ct) + ctnetlink_acct_size(ct)
+ ctnetlink_timestamp_size(ct) + ctnetlink_timestamp_size(ct)
+ nla_total_size(sizeof(u_int32_t)) /* CTA_TIMEOUT */ + nla_total_size(sizeof(u_int32_t)) /* CTA_TIMEOUT */
+ nla_total_size(0) /* CTA_PROTOINFO */ + nla_total_size(0) /* CTA_PROTOINFO */
......
...@@ -26,16 +26,18 @@ connbytes_mt(const struct sk_buff *skb, struct xt_action_param *par) ...@@ -26,16 +26,18 @@ connbytes_mt(const struct sk_buff *skb, struct xt_action_param *par)
u_int64_t what = 0; /* initialize to make gcc happy */ u_int64_t what = 0; /* initialize to make gcc happy */
u_int64_t bytes = 0; u_int64_t bytes = 0;
u_int64_t pkts = 0; u_int64_t pkts = 0;
const struct nf_conn_acct *acct;
const struct nf_conn_counter *counters; const struct nf_conn_counter *counters;
ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo);
if (!ct) if (!ct)
return false; return false;
counters = nf_conn_acct_find(ct); acct = nf_conn_acct_find(ct);
if (!counters) if (!acct)
return false; return false;
counters = acct->counter;
switch (sinfo->what) { switch (sinfo->what) {
case XT_CONNBYTES_PKTS: case XT_CONNBYTES_PKTS:
switch (sinfo->direction) { switch (sinfo->direction) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment