author | Harald Welte <laforge@netfilter.org> | 2005-10-11 00:21:10 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-10-11 00:21:10 -0400 |
commit | a051a8f7306476af0a74370ad56e793cb6c43bf7 (patch) | |
tree | 3dc8bc67e6c16a28a0161ed7f7fb55008da3d7d5 | |
parent | d4875b049b2e6401a6e1fae90b7f09e20a636fcf (diff) |
[NETFILTER]: Use only 32bit counters for CONNTRACK_ACCT
Initially we used 64bit counters for conntrack-based accounting, since we
had no event mechanism to tell userspace that our counters are about to
overflow. With nfnetlink_conntrack, we now have such an event mechanism and
thus can save 16 bytes per connection.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/netfilter/nfnetlink_conntrack.h | 6 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack.h | 8 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 13 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 8 |
4 files changed, 22 insertions, 13 deletions
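--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -84,8 +84,10 @@ enum ctattr_protoinfo_tcp {
 
 enum ctattr_counters {
 CTA_COUNTERS_UNSPEC,
-CTA_COUNTERS_PACKETS,
-CTA_COUNTERS_BYTES,
+CTA_COUNTERS_PACKETS, /* old 64bit counters */
+CTA_COUNTERS_BYTES, /* old 64bit counters */
+CTA_COUNTERS32_PACKETS,
+CTA_COUNTERS32_BYTES,
 __CTA_COUNTERS_MAX
 };
 #define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)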
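Review bot: The new `CTA_COUNTERS32_PACKETS` and `CTA_COUNTERS32_BYTES` attributes have no comment describing their wire format, and `/* old 64bit counters */` does not say whether the kernel still emits the old pair. Elsewhere in this commit ctnetlink_dump_counters() switches to the 32-bit attributes only, so a listener that parses only `CTA_COUNTERS_PACKETS`/`CTA_COUNTERS_BYTES` would apparently find no counters and record no traffic for the flow. I would state this on the enum, for example `CTA_COUNTERS32_PACKETS, /* u32, network byte order, wraps at 2^32 */` and `/* 64bit, no longer sent by the kernel */` on the old pair.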
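--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -117,6 +117,10 @@ enum ip_conntrack_events
 /* NAT info */
 IPCT_NATINFO_BIT = 10,
 IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
+
+/* Counter highest bit has been set */
+IPCT_COUNTER_FILLING_BIT = 11,
+IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
 };
 
 enum ip_conntrack_expect_events {
@@ -192,8 +196,8 @@ do { \
 
 struct ip_conntrack_counter
 {
-u_int64_t packets;
-u_int64_t bytes;
+u_int32_t packets;
+u_int32_t bytes;
 };
 
 struct ip_conntrack_helper;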
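--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1119,7 +1119,7 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
 unsigned long extra_jiffies,
 int do_acct)
 {
-int do_event = 0;
+int event = 0;
 
 IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct);
 IP_NF_ASSERT(skb);
@@ -1129,13 +1129,13 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
 /* If not in hash table, timer will not be active yet */
 if (!is_confirmed(ct)) {
 ct->timeout.expires = extra_jiffies;
-do_event = 1;
+event = IPCT_REFRESH;
 } else {
 /* Need del_timer for race avoidance (may already be dying). */
 if (del_timer(&ct->timeout)) {
 ct->timeout.expires = jiffies + extra_jiffies;
 add_timer(&ct->timeout);
-do_event = 1;
+event = IPCT_REFRESH;
 }
 }
 
@@ -1144,14 +1144,17 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
 ct->counters[CTINFO2DIR(ctinfo)].packets++;
 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
 ntohs(skb->nh.iph->tot_len);
+if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000)
+|| (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000))
+event |= IPCT_COUNTER_FILLING;
 }
 #endif
 
 write_unlock_bh(&ip_conntrack_lock);
 
 /* must be unlocked when calling event cache */
-if (do_event)
-ip_conntrack_event_cache(IPCT_REFRESH, skb);
+if (event)
+ip_conntrack_event_cache(event, skb);
 }
 
 #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \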
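Review bot: The `& 0x80000000` test at new lines 1147-1149 is level-triggered: once either counter's top bit is set, every later accounted packet ORs `IPCT_COUNTER_FILLING` into `event` until the counter wraps or is cleared by code not visible here. On a busy flow that can mean one event per packet for up to 2^31 packets, which may overrun a netlink listener's receive buffer and drop the very notification meant to prevent a silent wrap of the accounting data. Consider raising the event only when a top bit goes from clear to set, as sketched below. A dropped edge-triggered event is not repeated, so a listener that needs exact totals would still have to poll. The statements between the hunks, including whatever guards the accounting block, are not shown.

```c
/* … unchanged: timer refresh and the guard around the accounting block … */
	struct ip_conntrack_counter *c = &ct->counters[CTINFO2DIR(ctinfo)];
	u_int32_t old_packets = c->packets;
	u_int32_t old_bytes = c->bytes;

	c->packets++;
	c->bytes += ntohs(skb->nh.iph->tot_len);
	/* report only when a top bit goes from clear to set */
	if (((~old_packets & c->packets) | (~old_bytes & c->bytes)) & 0x80000000)
		event |= IPCT_COUNTER_FILLING;
/* … unchanged: write_unlock_bh() and ip_conntrack_event_cache(event, skb) … */
```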
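--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -177,11 +177,11 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct ip_conntrack *ct,
 struct nfattr *nest_count = NFA_NEST(skb, type);
 u_int64_t tmp;
 
-tmp = cpu_to_be64(ct->counters[dir].packets);
-NFA_PUT(skb, CTA_COUNTERS_PACKETS, sizeof(u_int64_t), &tmp);
+tmp = htonl(ct->counters[dir].packets);
+NFA_PUT(skb, CTA_COUNTERS32_PACKETS, sizeof(u_int32_t), &tmp);
 
-tmp = cpu_to_be64(ct->counters[dir].bytes);
-NFA_PUT(skb, CTA_COUNTERS_BYTES, sizeof(u_int64_t), &tmp);
+tmp = htonl(ct->counters[dir].bytes);
+NFA_PUT(skb, CTA_COUNTERS32_BYTES, sizeof(u_int32_t), &tmp);
 
 NFA_NEST_END(skb, nest_count);
 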
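Review bot: `tmp` is still declared `u_int64_t` (context line 178), yet the new code stores a 32-bit `htonl()` result in it and then copies `sizeof(u_int32_t)` bytes starting at `&tmp`. On a big-endian host the first four bytes of that 64-bit object are its zero high half, so both `CTA_COUNTERS32_PACKETS` and `CTA_COUNTERS32_BYTES` would be sent as 0, leaving userspace accounting empty; little-endian hosts only work by layout coincidence. The declaration should become `u_int32_t tmp;` so the copied bytes are exactly the converted value. The start and end of ctnetlink_dump_counters() are outside this hunk.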