aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorHarald Welte <laforge@netfilter.org>2005-10-11 00:21:10 -0400
committerDavid S. Miller <davem@davemloft.net>2005-10-11 00:21:10 -0400
commita051a8f7306476af0a74370ad56e793cb6c43bf7 (patch)
tree3dc8bc67e6c16a28a0161ed7f7fb55008da3d7d5 /net
parentd4875b049b2e6401a6e1fae90b7f09e20a636fcf (diff)
[NETFILTER]: Use only 32bit counters for CONNTRACK_ACCT
Initially we used 64bit counters for conntrack-based accounting, since we had no event mechanism to tell userspace that our counters are about to overflow. With nfnetlink_conntrack, we now have such a event mechanism and thus can save 16bytes per connection. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c13
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netlink.c8
2 files changed, 12 insertions, 9 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index ea65dd3e517a..07a80b56e8dc 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1119,7 +1119,7 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
1119 unsigned long extra_jiffies, 1119 unsigned long extra_jiffies,
1120 int do_acct) 1120 int do_acct)
1121{ 1121{
1122 int do_event = 0; 1122 int event = 0;
1123 1123
1124 IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); 1124 IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct);
1125 IP_NF_ASSERT(skb); 1125 IP_NF_ASSERT(skb);
@@ -1129,13 +1129,13 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
1129 /* If not in hash table, timer will not be active yet */ 1129 /* If not in hash table, timer will not be active yet */
1130 if (!is_confirmed(ct)) { 1130 if (!is_confirmed(ct)) {
1131 ct->timeout.expires = extra_jiffies; 1131 ct->timeout.expires = extra_jiffies;
1132 do_event = 1; 1132 event = IPCT_REFRESH;
1133 } else { 1133 } else {
1134 /* Need del_timer for race avoidance (may already be dying). */ 1134 /* Need del_timer for race avoidance (may already be dying). */
1135 if (del_timer(&ct->timeout)) { 1135 if (del_timer(&ct->timeout)) {
1136 ct->timeout.expires = jiffies + extra_jiffies; 1136 ct->timeout.expires = jiffies + extra_jiffies;
1137 add_timer(&ct->timeout); 1137 add_timer(&ct->timeout);
1138 do_event = 1; 1138 event = IPCT_REFRESH;
1139 } 1139 }
1140 } 1140 }
1141 1141
@@ -1144,14 +1144,17 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
1144 ct->counters[CTINFO2DIR(ctinfo)].packets++; 1144 ct->counters[CTINFO2DIR(ctinfo)].packets++;
1145 ct->counters[CTINFO2DIR(ctinfo)].bytes += 1145 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
1146 ntohs(skb->nh.iph->tot_len); 1146 ntohs(skb->nh.iph->tot_len);
1147 if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000)
1148 || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000))
1149 event |= IPCT_COUNTER_FILLING;
1147 } 1150 }
1148#endif 1151#endif
1149 1152
1150 write_unlock_bh(&ip_conntrack_lock); 1153 write_unlock_bh(&ip_conntrack_lock);
1151 1154
1152 /* must be unlocked when calling event cache */ 1155 /* must be unlocked when calling event cache */
1153 if (do_event) 1156 if (event)
1154 ip_conntrack_event_cache(IPCT_REFRESH, skb); 1157 ip_conntrack_event_cache(event, skb);
1155} 1158}
1156 1159
1157#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ 1160#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index eade2749915a..06ed91ee8ace 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -177,11 +177,11 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct ip_conntrack *ct,
177 struct nfattr *nest_count = NFA_NEST(skb, type); 177 struct nfattr *nest_count = NFA_NEST(skb, type);
178 u_int64_t tmp; 178 u_int64_t tmp;
179 179
180 tmp = cpu_to_be64(ct->counters[dir].packets); 180 tmp = htonl(ct->counters[dir].packets);
181 NFA_PUT(skb, CTA_COUNTERS_PACKETS, sizeof(u_int64_t), &tmp); 181 NFA_PUT(skb, CTA_COUNTERS32_PACKETS, sizeof(u_int32_t), &tmp);
182 182
183 tmp = cpu_to_be64(ct->counters[dir].bytes); 183 tmp = htonl(ct->counters[dir].bytes);
184 NFA_PUT(skb, CTA_COUNTERS_BYTES, sizeof(u_int64_t), &tmp); 184 NFA_PUT(skb, CTA_COUNTERS32_BYTES, sizeof(u_int32_t), &tmp);
185 185
186 NFA_NEST_END(skb, nest_count); 186 NFA_NEST_END(skb, nest_count);
187 187