aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack.h25
-rw-r--r--net/ipv4/netfilter/ip_conntrack_amanda.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c49
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_pptp.c1
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netbios_ns.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c2
6 files changed, 49 insertions, 32 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index bace72a76cc4..4ced38736813 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -332,11 +332,28 @@ extern void need_ip_conntrack(void);
332extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, 332extern int invert_tuplepr(struct ip_conntrack_tuple *inverse,
333 const struct ip_conntrack_tuple *orig); 333 const struct ip_conntrack_tuple *orig);
334 334
335extern void __ip_ct_refresh_acct(struct ip_conntrack *ct,
336 enum ip_conntrack_info ctinfo,
337 const struct sk_buff *skb,
338 unsigned long extra_jiffies,
339 int do_acct);
340
341/* Refresh conntrack for this many jiffies and do accounting */
342static inline void ip_ct_refresh_acct(struct ip_conntrack *ct,
343 enum ip_conntrack_info ctinfo,
344 const struct sk_buff *skb,
345 unsigned long extra_jiffies)
346{
347 __ip_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, 1);
348}
349
335/* Refresh conntrack for this many jiffies */ 350/* Refresh conntrack for this many jiffies */
336extern void ip_ct_refresh_acct(struct ip_conntrack *ct, 351static inline void ip_ct_refresh(struct ip_conntrack *ct,
337 enum ip_conntrack_info ctinfo, 352 const struct sk_buff *skb,
338 const struct sk_buff *skb, 353 unsigned long extra_jiffies)
339 unsigned long extra_jiffies); 354{
355 __ip_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
356}
340 357
341/* These are for NAT. Icky. */ 358/* These are for NAT. Icky. */
342/* Update TCP window tracking data when NAT mangles the packet */ 359/* Update TCP window tracking data when NAT mangles the packet */
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
index dc20881004bc..fa3f914117ec 100644
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -65,7 +65,7 @@ static int help(struct sk_buff **pskb,
65 65
66 /* increase the UDP timeout of the master connection as replies from 66 /* increase the UDP timeout of the master connection as replies from
67 * Amanda clients to the server can be quite delayed */ 67 * Amanda clients to the server can be quite delayed */
68 ip_ct_refresh_acct(ct, ctinfo, NULL, master_timeout * HZ); 68 ip_ct_refresh(ct, *pskb, master_timeout * HZ);
69 69
70 /* No data? */ 70 /* No data? */
71 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 71 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index c1f82e0c81cf..ea65dd3e517a 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1112,45 +1112,46 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me)
1112 synchronize_net(); 1112 synchronize_net();
1113} 1113}
1114 1114
1115static inline void ct_add_counters(struct ip_conntrack *ct, 1115/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
1116 enum ip_conntrack_info ctinfo, 1116void __ip_ct_refresh_acct(struct ip_conntrack *ct,
1117 const struct sk_buff *skb)
1118{
1119#ifdef CONFIG_IP_NF_CT_ACCT
1120 if (skb) {
1121 ct->counters[CTINFO2DIR(ctinfo)].packets++;
1122 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
1123 ntohs(skb->nh.iph->tot_len);
1124 }
1125#endif
1126}
1127
1128/* Refresh conntrack for this many jiffies and do accounting (if skb != NULL) */
1129void ip_ct_refresh_acct(struct ip_conntrack *ct,
1130 enum ip_conntrack_info ctinfo, 1117 enum ip_conntrack_info ctinfo,
1131 const struct sk_buff *skb, 1118 const struct sk_buff *skb,
1132 unsigned long extra_jiffies) 1119 unsigned long extra_jiffies,
1120 int do_acct)
1133{ 1121{
1122 int do_event = 0;
1123
1134 IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); 1124 IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct);
1125 IP_NF_ASSERT(skb);
1126
1127 write_lock_bh(&ip_conntrack_lock);
1135 1128
1136 /* If not in hash table, timer will not be active yet */ 1129 /* If not in hash table, timer will not be active yet */
1137 if (!is_confirmed(ct)) { 1130 if (!is_confirmed(ct)) {
1138 ct->timeout.expires = extra_jiffies; 1131 ct->timeout.expires = extra_jiffies;
1139 ct_add_counters(ct, ctinfo, skb); 1132 do_event = 1;
1140 } else { 1133 } else {
1141 write_lock_bh(&ip_conntrack_lock);
1142 /* Need del_timer for race avoidance (may already be dying). */ 1134 /* Need del_timer for race avoidance (may already be dying). */
1143 if (del_timer(&ct->timeout)) { 1135 if (del_timer(&ct->timeout)) {
1144 ct->timeout.expires = jiffies + extra_jiffies; 1136 ct->timeout.expires = jiffies + extra_jiffies;
1145 add_timer(&ct->timeout); 1137 add_timer(&ct->timeout);
1146 /* FIXME: We loose some REFRESH events if this function 1138 do_event = 1;
1147 * is called without an skb. I'll fix this later -HW */
1148 if (skb)
1149 ip_conntrack_event_cache(IPCT_REFRESH, skb);
1150 } 1139 }
1151 ct_add_counters(ct, ctinfo, skb);
1152 write_unlock_bh(&ip_conntrack_lock);
1153 } 1140 }
1141
1142#ifdef CONFIG_IP_NF_CT_ACCT
1143 if (do_acct) {
1144 ct->counters[CTINFO2DIR(ctinfo)].packets++;
1145 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
1146 ntohs(skb->nh.iph->tot_len);
1147 }
1148#endif
1149
1150 write_unlock_bh(&ip_conntrack_lock);
1151
1152 /* must be unlocked when calling event cache */
1153 if (do_event)
1154 ip_conntrack_event_cache(IPCT_REFRESH, skb);
1154} 1155}
1155 1156
1156#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ 1157#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
index 8236ee0fb090..926a6684643d 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -172,7 +172,6 @@ static int destroy_sibling_or_exp(const struct ip_conntrack_tuple *t)
172 DEBUGP("setting timeout of conntrack %p to 0\n", sibling); 172 DEBUGP("setting timeout of conntrack %p to 0\n", sibling);
173 sibling->proto.gre.timeout = 0; 173 sibling->proto.gre.timeout = 0;
174 sibling->proto.gre.stream_timeout = 0; 174 sibling->proto.gre.stream_timeout = 0;
175 /* refresh_acct will not modify counters if skb == NULL */
176 if (del_timer(&sibling->timeout)) 175 if (del_timer(&sibling->timeout))
177 sibling->timeout.function((unsigned long)sibling); 176 sibling->timeout.function((unsigned long)sibling);
178 ip_conntrack_put(sibling); 177 ip_conntrack_put(sibling);
diff --git a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
index 71ef19d126d0..577bac22dcc6 100644
--- a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
+++ b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
@@ -91,7 +91,7 @@ static int help(struct sk_buff **pskb,
91 ip_conntrack_expect_related(exp); 91 ip_conntrack_expect_related(exp);
92 ip_conntrack_expect_put(exp); 92 ip_conntrack_expect_put(exp);
93 93
94 ip_ct_refresh_acct(ct, ctinfo, NULL, timeout * HZ); 94 ip_ct_refresh(ct, *pskb, timeout * HZ);
95out: 95out:
96 return NF_ACCEPT; 96 return NF_ACCEPT;
97} 97}
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index d3c7808010ec..dd476b191f4b 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -989,7 +989,7 @@ EXPORT_SYMBOL(need_ip_conntrack);
989EXPORT_SYMBOL(ip_conntrack_helper_register); 989EXPORT_SYMBOL(ip_conntrack_helper_register);
990EXPORT_SYMBOL(ip_conntrack_helper_unregister); 990EXPORT_SYMBOL(ip_conntrack_helper_unregister);
991EXPORT_SYMBOL(ip_ct_iterate_cleanup); 991EXPORT_SYMBOL(ip_ct_iterate_cleanup);
992EXPORT_SYMBOL(ip_ct_refresh_acct); 992EXPORT_SYMBOL(__ip_ct_refresh_acct);
993 993
994EXPORT_SYMBOL(ip_conntrack_expect_alloc); 994EXPORT_SYMBOL(ip_conntrack_expect_alloc);
995EXPORT_SYMBOL(ip_conntrack_expect_put); 995EXPORT_SYMBOL(ip_conntrack_expect_put);