diff options
| author | Harald Welte <laforge@netfilter.org> | 2005-10-11 00:21:10 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2005-10-11 00:21:10 -0400 |
| commit | a051a8f7306476af0a74370ad56e793cb6c43bf7 (patch) | |
| tree | 3dc8bc67e6c16a28a0161ed7f7fb55008da3d7d5 | |
| parent | d4875b049b2e6401a6e1fae90b7f09e20a636fcf (diff) | |
[NETFILTER]: Use only 32bit counters for CONNTRACK_ACCT
Initially we used 64bit counters for conntrack-based accounting, since we
had no event mechanism to tell userspace that our counters are about to
overflow. With nfnetlink_conntrack, we now have such a event mechanism and
thus can save 16bytes per connection.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/netfilter/nfnetlink_conntrack.h | 6 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack.h | 8 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 13 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 8 |
4 files changed, 22 insertions, 13 deletions
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index fb5511030185..116fcaced909 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h | |||
| @@ -84,8 +84,10 @@ enum ctattr_protoinfo_tcp { | |||
| 84 | 84 | ||
| 85 | enum ctattr_counters { | 85 | enum ctattr_counters { |
| 86 | CTA_COUNTERS_UNSPEC, | 86 | CTA_COUNTERS_UNSPEC, |
| 87 | CTA_COUNTERS_PACKETS, | 87 | CTA_COUNTERS_PACKETS, /* old 64bit counters */ |
| 88 | CTA_COUNTERS_BYTES, | 88 | CTA_COUNTERS_BYTES, /* old 64bit counters */ |
| 89 | CTA_COUNTERS32_PACKETS, | ||
| 90 | CTA_COUNTERS32_BYTES, | ||
| 89 | __CTA_COUNTERS_MAX | 91 | __CTA_COUNTERS_MAX |
| 90 | }; | 92 | }; |
| 91 | #define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1) | 93 | #define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1) |
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index 4ced38736813..d078bb91d9e5 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h | |||
| @@ -117,6 +117,10 @@ enum ip_conntrack_events | |||
| 117 | /* NAT info */ | 117 | /* NAT info */ |
| 118 | IPCT_NATINFO_BIT = 10, | 118 | IPCT_NATINFO_BIT = 10, |
| 119 | IPCT_NATINFO = (1 << IPCT_NATINFO_BIT), | 119 | IPCT_NATINFO = (1 << IPCT_NATINFO_BIT), |
| 120 | |||
| 121 | /* Counter highest bit has been set */ | ||
| 122 | IPCT_COUNTER_FILLING_BIT = 11, | ||
| 123 | IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), | ||
| 120 | }; | 124 | }; |
| 121 | 125 | ||
| 122 | enum ip_conntrack_expect_events { | 126 | enum ip_conntrack_expect_events { |
| @@ -192,8 +196,8 @@ do { \ | |||
| 192 | 196 | ||
| 193 | struct ip_conntrack_counter | 197 | struct ip_conntrack_counter |
| 194 | { | 198 | { |
| 195 | u_int64_t packets; | 199 | u_int32_t packets; |
| 196 | u_int64_t bytes; | 200 | u_int32_t bytes; |
| 197 | }; | 201 | }; |
| 198 | 202 | ||
| 199 | struct ip_conntrack_helper; | 203 | struct ip_conntrack_helper; |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index ea65dd3e517a..07a80b56e8dc 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
| @@ -1119,7 +1119,7 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
| 1119 | unsigned long extra_jiffies, | 1119 | unsigned long extra_jiffies, |
| 1120 | int do_acct) | 1120 | int do_acct) |
| 1121 | { | 1121 | { |
| 1122 | int do_event = 0; | 1122 | int event = 0; |
| 1123 | 1123 | ||
| 1124 | IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); | 1124 | IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); |
| 1125 | IP_NF_ASSERT(skb); | 1125 | IP_NF_ASSERT(skb); |
| @@ -1129,13 +1129,13 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
| 1129 | /* If not in hash table, timer will not be active yet */ | 1129 | /* If not in hash table, timer will not be active yet */ |
| 1130 | if (!is_confirmed(ct)) { | 1130 | if (!is_confirmed(ct)) { |
| 1131 | ct->timeout.expires = extra_jiffies; | 1131 | ct->timeout.expires = extra_jiffies; |
| 1132 | do_event = 1; | 1132 | event = IPCT_REFRESH; |
| 1133 | } else { | 1133 | } else { |
| 1134 | /* Need del_timer for race avoidance (may already be dying). */ | 1134 | /* Need del_timer for race avoidance (may already be dying). */ |
| 1135 | if (del_timer(&ct->timeout)) { | 1135 | if (del_timer(&ct->timeout)) { |
| 1136 | ct->timeout.expires = jiffies + extra_jiffies; | 1136 | ct->timeout.expires = jiffies + extra_jiffies; |
| 1137 | add_timer(&ct->timeout); | 1137 | add_timer(&ct->timeout); |
| 1138 | do_event = 1; | 1138 | event = IPCT_REFRESH; |
| 1139 | } | 1139 | } |
| 1140 | } | 1140 | } |
| 1141 | 1141 | ||
| @@ -1144,14 +1144,17 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
| 1144 | ct->counters[CTINFO2DIR(ctinfo)].packets++; | 1144 | ct->counters[CTINFO2DIR(ctinfo)].packets++; |
| 1145 | ct->counters[CTINFO2DIR(ctinfo)].bytes += | 1145 | ct->counters[CTINFO2DIR(ctinfo)].bytes += |
| 1146 | ntohs(skb->nh.iph->tot_len); | 1146 | ntohs(skb->nh.iph->tot_len); |
| 1147 | if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000) | ||
| 1148 | || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000)) | ||
| 1149 | event |= IPCT_COUNTER_FILLING; | ||
| 1147 | } | 1150 | } |
| 1148 | #endif | 1151 | #endif |
| 1149 | 1152 | ||
| 1150 | write_unlock_bh(&ip_conntrack_lock); | 1153 | write_unlock_bh(&ip_conntrack_lock); |
| 1151 | 1154 | ||
| 1152 | /* must be unlocked when calling event cache */ | 1155 | /* must be unlocked when calling event cache */ |
| 1153 | if (do_event) | 1156 | if (event) |
| 1154 | ip_conntrack_event_cache(IPCT_REFRESH, skb); | 1157 | ip_conntrack_event_cache(event, skb); |
| 1155 | } | 1158 | } |
| 1156 | 1159 | ||
| 1157 | #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ | 1160 | #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ |
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index eade2749915a..06ed91ee8ace 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c | |||
| @@ -177,11 +177,11 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct ip_conntrack *ct, | |||
| 177 | struct nfattr *nest_count = NFA_NEST(skb, type); | 177 | struct nfattr *nest_count = NFA_NEST(skb, type); |
| 178 | u_int64_t tmp; | 178 | u_int64_t tmp; |
| 179 | 179 | ||
| 180 | tmp = cpu_to_be64(ct->counters[dir].packets); | 180 | tmp = htonl(ct->counters[dir].packets); |
| 181 | NFA_PUT(skb, CTA_COUNTERS_PACKETS, sizeof(u_int64_t), &tmp); | 181 | NFA_PUT(skb, CTA_COUNTERS32_PACKETS, sizeof(u_int32_t), &tmp); |
| 182 | 182 | ||
| 183 | tmp = cpu_to_be64(ct->counters[dir].bytes); | 183 | tmp = htonl(ct->counters[dir].bytes); |
| 184 | NFA_PUT(skb, CTA_COUNTERS_BYTES, sizeof(u_int64_t), &tmp); | 184 | NFA_PUT(skb, CTA_COUNTERS32_BYTES, sizeof(u_int32_t), &tmp); |
| 185 | 185 | ||
| 186 | NFA_NEST_END(skb, nest_count); | 186 | NFA_NEST_END(skb, nest_count); |
| 187 | 187 | ||