netfilter: accounting rework: ct_extend + 64bit counters (v4)

Initially netfilter has had 64bit counters for conntrack-based accounting, but it was changed in 2.6.14 to save memory. Unfortunately in-kernel 64bit counters are still required, for example for "connbytes" extension. However, 64bit counters waste a lot of memory and it was not possible to enable/disable it runtime. This patch: - reimplements accounting with respect to the extension infrastructure, - makes one global version of seq_print_acct() instead of two seq_print_counters(), - makes it possible to enable it at boot time (for CONFIG_SYSCTL/CONFIG_SYSFS=n), - makes it possible to enable/disable it at runtime by sysctl or sysfs, - extends counters from 32bit to 64bit, - renames ip_conntrack_counter -> nf_conn_counter, - enables accounting code unconditionally (no longer depends on CONFIG_NF_CT_ACCT), - set initial accounting enable state based on CONFIG_NF_CT_ACCT - removes buggy IPCT_COUNTER_FILLING event handling. If accounting is enabled newly created connections get additional acct extend. Old connections are not changed as it is not possible to add a ct_extend area to confirmed conntrack. Accounting is performed for all connections with acct extend regardless of a current state of "net.netfilter.nf_conntrack_acct". Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Krzysztof Piotr Oledzki <ole@ans.pl> 2008-07-21 13:01:34 -0400
committer: David S. Miller <davem@davemloft.net> 2008-07-21 13:10:58 -0400
commit: 584015727a3b88b46602b20077b46cd04f8b4ab3 (patch)
tree: a9b4ec18e2181e03ee24b59b30f7408bcbcf140c /include/linux
parent: 07a7c1070ed382ad4562e3a0d453fd2001d92f7b (diff)
2 files changed, 5 insertions, 11 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index bad1eb760f61..885cbe282260 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -122,7 +122,7 @@ enum ip_conntrack_events
        IPCT_NATINFO_BIT = 10,
        IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
-        /* Counter highest bit has been set */
+        /* Counter highest bit has been set, unused */
        IPCT_COUNTER_FILLING_BIT = 11,
        IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
@@ -145,12 +145,6 @@ enum ip_conntrack_expect_events {
 };
 #ifdef __KERNEL__
-struct ip_conntrack_counter
-{
-        u_int32_t packets;
-        u_int32_t bytes;
-};
 struct ip_conntrack_stat
 {
        unsigned int searched;
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
index 759bc043dc65..c19595c89304 100644
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -115,10 +115,10 @@ enum ctattr_protoinfo_sctp {
 enum ctattr_counters {
        CTA_COUNTERS_UNSPEC,
-        CTA_COUNTERS_PACKETS,           /* old 64bit counters */
+        CTA_COUNTERS_PACKETS,           /* 64bit counters */
-        CTA_COUNTERS_BYTES,             /* old 64bit counters */
+        CTA_COUNTERS_BYTES,             /* 64bit counters */
-        CTA_COUNTERS32_PACKETS,
+        CTA_COUNTERS32_PACKETS,         /* old 32bit counters, unused */
-        CTA_COUNTERS32_BYTES,
+        CTA_COUNTERS32_BYTES,           /* old 32bit counters, unused */
        __CTA_COUNTERS_MAX
 };
 #define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
author	Krzysztof Piotr Oledzki <ole@ans.pl>	2008-07-21 13:01:34 -0400
committer	David S. Miller <davem@davemloft.net>	2008-07-21 13:10:58 -0400
commit	584015727a3b88b46602b20077b46cd04f8b4ab3 (patch)
tree	a9b4ec18e2181e03ee24b59b30f7408bcbcf140c /include/linux
parent	07a7c1070ed382ad4562e3a0d453fd2001d92f7b (diff)