netfilter: nf_conntrack: properly account terminating packets

Currently the last packet of a connection isn't accounted when its causing abnormal termination. Introduces nf_ct_kill_acct() which increments the accounting counters on conntrack kill. The new function was necessary, because there are calls to nf_ct_kill() which don't need accounting: nf_conntrack_proto_tcp.c line ~847: Kills ct and returns NF_REPEAT. We don't want to count twice. nf_conntrack_proto_tcp.c line ~880: Kills ct and returns NF_DROP. I think we don't want to count dropped packets. nf_conntrack_netlink.c line ~824: As far as I can see ctnetlink_del_conntrack() is used to destroy a conntrack on behalf of the user. There is an sk_buff, but I don't think this is an actual packet. Incrementing counters here is therefore not desired. Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Fabian Hugelshofer <hugelshofer2006@gmx.ch> 2008-06-09 18:59:40 -0400
committer: David S. Miller <davem@davemloft.net> 2008-06-09 18:59:40 -0400
commit: 718d4ad98e272daebc258e49dc02f52a6a8de9d3 (patch)
tree: 0f284b8df129db4fbc728499b8565667dce2eb94 /include/net
parent: 51091764f26ec36c02e35166f083193a30f426fc (diff)
1 files changed, 18 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index fc19ab23eeaa..d77dec768dc2 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -223,7 +223,24 @@ static inline void nf_ct_refresh(struct nf_conn *ct,
        __nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
 }
-extern void nf_ct_kill(struct nf_conn *ct);
+extern void __nf_ct_kill_acct(struct nf_conn *ct,
+                                enum ip_conntrack_info ctinfo,
+                                const struct sk_buff *skb,
+                                int do_acct);
+/* kill conntrack and do accounting */
+static inline void nf_ct_kill_acct(struct nf_conn *ct,
+                                enum ip_conntrack_info ctinfo,
+                                const struct sk_buff *skb)
+{
+        __nf_ct_kill_acct(ct, ctinfo, skb, 1);
+}
+/* kill conntrack without accounting */
+static inline void nf_ct_kill(struct nf_conn *ct)
+{
+        __nf_ct_kill_acct(ct, 0, NULL, 0);
+}
 /* These are for NAT.  Icky. */
 /* Update TCP window tracking data when NAT mangles the packet */
author	Fabian Hugelshofer <hugelshofer2006@gmx.ch>	2008-06-09 18:59:40 -0400
committer	David S. Miller <davem@davemloft.net>	2008-06-09 18:59:40 -0400
commit	718d4ad98e272daebc258e49dc02f52a6a8de9d3 (patch)
tree	0f284b8df129db4fbc728499b8565667dce2eb94 /include/net
parent	51091764f26ec36c02e35166f083193a30f426fc (diff)

diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index fc19ab23eeaa..d77dec768dc2 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h
@@ -223,7 +223,24 @@ static inline void nf_ct_refresh(struct nf_conn *ct,
223	__nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);	223	__nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
224	}	224	}
225		225
226	extern void nf_ct_kill(struct nf_conn *ct);	226	extern void __nf_ct_kill_acct(struct nf_conn *ct,
		227	enum ip_conntrack_info ctinfo,
		228	const struct sk_buff *skb,
		229	int do_acct);
		230
		231	/* kill conntrack and do accounting */
		232	static inline void nf_ct_kill_acct(struct nf_conn *ct,
		233	enum ip_conntrack_info ctinfo,
		234	const struct sk_buff *skb)
		235	{
		236	__nf_ct_kill_acct(ct, ctinfo, skb, 1);
		237	}
		238
		239	/* kill conntrack without accounting */
		240	static inline void nf_ct_kill(struct nf_conn *ct)
		241	{
		242	__nf_ct_kill_acct(ct, 0, NULL, 0);
		243	}
227		244
228	/* These are for NAT. Icky. */	245	/* These are for NAT. Icky. */
229	/* Update TCP window tracking data when NAT mangles the packet */	246	/* Update TCP window tracking data when NAT mangles the packet */