diff options
author | Harald Welte <laforge@netfilter.org> | 2005-10-11 00:21:10 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-10-11 00:21:10 -0400 |
commit | a051a8f7306476af0a74370ad56e793cb6c43bf7 (patch) | |
tree | 3dc8bc67e6c16a28a0161ed7f7fb55008da3d7d5 /net | |
parent | d4875b049b2e6401a6e1fae90b7f09e20a636fcf (diff) |
[NETFILTER]: Use only 32bit counters for CONNTRACK_ACCT
Initially we used 64bit counters for conntrack-based accounting, since we
had no event mechanism to tell userspace that our counters are about to
overflow. With nfnetlink_conntrack, we now have such a event mechanism and
thus can save 16bytes per connection.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 13 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netlink.c | 8 |
2 files changed, 12 insertions, 9 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index ea65dd3e517a..07a80b56e8dc 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -1119,7 +1119,7 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
1119 | unsigned long extra_jiffies, | 1119 | unsigned long extra_jiffies, |
1120 | int do_acct) | 1120 | int do_acct) |
1121 | { | 1121 | { |
1122 | int do_event = 0; | 1122 | int event = 0; |
1123 | 1123 | ||
1124 | IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); | 1124 | IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); |
1125 | IP_NF_ASSERT(skb); | 1125 | IP_NF_ASSERT(skb); |
@@ -1129,13 +1129,13 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
1129 | /* If not in hash table, timer will not be active yet */ | 1129 | /* If not in hash table, timer will not be active yet */ |
1130 | if (!is_confirmed(ct)) { | 1130 | if (!is_confirmed(ct)) { |
1131 | ct->timeout.expires = extra_jiffies; | 1131 | ct->timeout.expires = extra_jiffies; |
1132 | do_event = 1; | 1132 | event = IPCT_REFRESH; |
1133 | } else { | 1133 | } else { |
1134 | /* Need del_timer for race avoidance (may already be dying). */ | 1134 | /* Need del_timer for race avoidance (may already be dying). */ |
1135 | if (del_timer(&ct->timeout)) { | 1135 | if (del_timer(&ct->timeout)) { |
1136 | ct->timeout.expires = jiffies + extra_jiffies; | 1136 | ct->timeout.expires = jiffies + extra_jiffies; |
1137 | add_timer(&ct->timeout); | 1137 | add_timer(&ct->timeout); |
1138 | do_event = 1; | 1138 | event = IPCT_REFRESH; |
1139 | } | 1139 | } |
1140 | } | 1140 | } |
1141 | 1141 | ||
@@ -1144,14 +1144,17 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct, | |||
1144 | ct->counters[CTINFO2DIR(ctinfo)].packets++; | 1144 | ct->counters[CTINFO2DIR(ctinfo)].packets++; |
1145 | ct->counters[CTINFO2DIR(ctinfo)].bytes += | 1145 | ct->counters[CTINFO2DIR(ctinfo)].bytes += |
1146 | ntohs(skb->nh.iph->tot_len); | 1146 | ntohs(skb->nh.iph->tot_len); |
1147 | if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000) | ||
1148 | || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000)) | ||
1149 | event |= IPCT_COUNTER_FILLING; | ||
1147 | } | 1150 | } |
1148 | #endif | 1151 | #endif |
1149 | 1152 | ||
1150 | write_unlock_bh(&ip_conntrack_lock); | 1153 | write_unlock_bh(&ip_conntrack_lock); |
1151 | 1154 | ||
1152 | /* must be unlocked when calling event cache */ | 1155 | /* must be unlocked when calling event cache */ |
1153 | if (do_event) | 1156 | if (event) |
1154 | ip_conntrack_event_cache(IPCT_REFRESH, skb); | 1157 | ip_conntrack_event_cache(event, skb); |
1155 | } | 1158 | } |
1156 | 1159 | ||
1157 | #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ | 1160 | #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ |
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index eade2749915a..06ed91ee8ace 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c | |||
@@ -177,11 +177,11 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct ip_conntrack *ct, | |||
177 | struct nfattr *nest_count = NFA_NEST(skb, type); | 177 | struct nfattr *nest_count = NFA_NEST(skb, type); |
178 | u_int64_t tmp; | 178 | u_int64_t tmp; |
179 | 179 | ||
180 | tmp = cpu_to_be64(ct->counters[dir].packets); | 180 | tmp = htonl(ct->counters[dir].packets); |
181 | NFA_PUT(skb, CTA_COUNTERS_PACKETS, sizeof(u_int64_t), &tmp); | 181 | NFA_PUT(skb, CTA_COUNTERS32_PACKETS, sizeof(u_int32_t), &tmp); |
182 | 182 | ||
183 | tmp = cpu_to_be64(ct->counters[dir].bytes); | 183 | tmp = htonl(ct->counters[dir].bytes); |
184 | NFA_PUT(skb, CTA_COUNTERS_BYTES, sizeof(u_int64_t), &tmp); | 184 | NFA_PUT(skb, CTA_COUNTERS32_BYTES, sizeof(u_int32_t), &tmp); |
185 | 185 | ||
186 | NFA_NEST_END(skb, nest_count); | 186 | NFA_NEST_END(skb, nest_count); |
187 | 187 | ||