diff options
-rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack.h | 25 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_amanda.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 49 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_helper_pptp.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_netbios_ns.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 2 |
6 files changed, 49 insertions, 32 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index bace72a76cc4..4ced38736813 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h | |||
@@ -332,11 +332,28 @@ extern void need_ip_conntrack(void); | |||
332 | extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, | 332 | extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, |
333 | const struct ip_conntrack_tuple *orig); | 333 | const struct ip_conntrack_tuple *orig); |
334 | 334 | ||
335 | extern void __ip_ct_refresh_acct(struct ip_conntrack *ct, | ||
336 | enum ip_conntrack_info ctinfo, | ||
337 | const struct sk_buff *skb, | ||
338 | unsigned long extra_jiffies, | ||
339 | int do_acct); | ||
340 | |||
341 | /* Refresh conntrack for this many jiffies and do accounting */ | ||
342 | static inline void ip_ct_refresh_acct(struct ip_conntrack *ct, | ||
343 | enum ip_conntrack_info ctinfo, | ||
344 | const struct sk_buff *skb, | ||
345 | unsigned long extra_jiffies) | ||
346 | { | ||
347 | __ip_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, 1); | ||
348 | } | ||
349 | |||
335 | /* Refresh conntrack for this many jiffies */ | 350 | /* Refresh conntrack for this many jiffies */ |
336 | extern void ip_ct_refresh_acct(struct ip_conntrack *ct, | 351 | static inline void ip_ct_refresh(struct ip_conntrack *ct, |
337 | enum ip_conntrack_info ctinfo, | 352 | const struct sk_buff *skb, |
338 | const struct sk_buff *skb, | 353 | unsigned long extra_jiffies) |
339 | unsigned long extra_jiffies); | 354 | { |
355 | __ip_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0); | ||
356 | } | ||
340 | 357 | ||
341 | /* These are for NAT. Icky. */ | 358 | /* These are for NAT. Icky. */ |
342 | /* Update TCP window tracking data when NAT mangles the packet */ | 359 | /* Update TCP window tracking data when NAT mangles the packet */ |
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c index dc20881004bc..fa3f914117ec 100644 --- a/net/ipv4/netfilter/ip_conntrack_amanda.c +++ b/net/ipv4/netfilter/ip_conntrack_amanda.c | |||
@@ -65,7 +65,7 @@ static int help(struct sk_buff **pskb, | |||
65 | 65 | ||
66 | /* increase the UDP timeout of the master connection as replies from | 66 | /* increase the UDP timeout of the master connection as replies from |
67 | * Amanda clients to the server can be quite delayed */ | 67 | * Amanda clients to the server can be quite delayed */ |
68 | ip_ct_refresh_acct(ct, ctinfo, NULL, master_timeout * HZ); | 68 | ip_ct_refresh(ct, *pskb, master_timeout * HZ); |
69 | 69 | ||
70 | /* No data? */ | 70 | /* No data? */ |
71 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 71 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index c1f82e0c81cf..ea65dd3e517a 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -1112,45 +1112,46 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me) | |||
1112 | synchronize_net(); | 1112 | synchronize_net(); |
1113 | } | 1113 | } |
1114 | 1114 | ||
1115 | static inline void ct_add_counters(struct ip_conntrack *ct, | 1115 | /* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */ |
1116 | enum ip_conntrack_info ctinfo, | 1116 | void __ip_ct_refresh_acct(struct ip_conntrack *ct, |
1117 | const struct sk_buff *skb) | ||
1118 | { | ||
1119 | #ifdef CONFIG_IP_NF_CT_ACCT | ||
1120 | if (skb) { | ||
1121 | ct->counters[CTINFO2DIR(ctinfo)].packets++; | ||
1122 | ct->counters[CTINFO2DIR(ctinfo)].bytes += | ||
1123 | ntohs(skb->nh.iph->tot_len); | ||
1124 | } | ||
1125 | #endif | ||
1126 | } | ||
1127 | |||
1128 | /* Refresh conntrack for this many jiffies and do accounting (if skb != NULL) */ | ||
1129 | void ip_ct_refresh_acct(struct ip_conntrack *ct, | ||
1130 | enum ip_conntrack_info ctinfo, | 1117 | enum ip_conntrack_info ctinfo, |
1131 | const struct sk_buff *skb, | 1118 | const struct sk_buff *skb, |
1132 | unsigned long extra_jiffies) | 1119 | unsigned long extra_jiffies, |
1120 | int do_acct) | ||
1133 | { | 1121 | { |
1122 | int do_event = 0; | ||
1123 | |||
1134 | IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); | 1124 | IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct); |
1125 | IP_NF_ASSERT(skb); | ||
1126 | |||
1127 | write_lock_bh(&ip_conntrack_lock); | ||
1135 | 1128 | ||
1136 | /* If not in hash table, timer will not be active yet */ | 1129 | /* If not in hash table, timer will not be active yet */ |
1137 | if (!is_confirmed(ct)) { | 1130 | if (!is_confirmed(ct)) { |
1138 | ct->timeout.expires = extra_jiffies; | 1131 | ct->timeout.expires = extra_jiffies; |
1139 | ct_add_counters(ct, ctinfo, skb); | 1132 | do_event = 1; |
1140 | } else { | 1133 | } else { |
1141 | write_lock_bh(&ip_conntrack_lock); | ||
1142 | /* Need del_timer for race avoidance (may already be dying). */ | 1134 | /* Need del_timer for race avoidance (may already be dying). */ |
1143 | if (del_timer(&ct->timeout)) { | 1135 | if (del_timer(&ct->timeout)) { |
1144 | ct->timeout.expires = jiffies + extra_jiffies; | 1136 | ct->timeout.expires = jiffies + extra_jiffies; |
1145 | add_timer(&ct->timeout); | 1137 | add_timer(&ct->timeout); |
1146 | /* FIXME: We loose some REFRESH events if this function | 1138 | do_event = 1; |
1147 | * is called without an skb. I'll fix this later -HW */ | ||
1148 | if (skb) | ||
1149 | ip_conntrack_event_cache(IPCT_REFRESH, skb); | ||
1150 | } | 1139 | } |
1151 | ct_add_counters(ct, ctinfo, skb); | ||
1152 | write_unlock_bh(&ip_conntrack_lock); | ||
1153 | } | 1140 | } |
1141 | |||
1142 | #ifdef CONFIG_IP_NF_CT_ACCT | ||
1143 | if (do_acct) { | ||
1144 | ct->counters[CTINFO2DIR(ctinfo)].packets++; | ||
1145 | ct->counters[CTINFO2DIR(ctinfo)].bytes += | ||
1146 | ntohs(skb->nh.iph->tot_len); | ||
1147 | } | ||
1148 | #endif | ||
1149 | |||
1150 | write_unlock_bh(&ip_conntrack_lock); | ||
1151 | |||
1152 | /* must be unlocked when calling event cache */ | ||
1153 | if (do_event) | ||
1154 | ip_conntrack_event_cache(IPCT_REFRESH, skb); | ||
1154 | } | 1155 | } |
1155 | 1156 | ||
1156 | #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ | 1157 | #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \ |
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c index 8236ee0fb090..926a6684643d 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c | |||
@@ -172,7 +172,6 @@ static int destroy_sibling_or_exp(const struct ip_conntrack_tuple *t) | |||
172 | DEBUGP("setting timeout of conntrack %p to 0\n", sibling); | 172 | DEBUGP("setting timeout of conntrack %p to 0\n", sibling); |
173 | sibling->proto.gre.timeout = 0; | 173 | sibling->proto.gre.timeout = 0; |
174 | sibling->proto.gre.stream_timeout = 0; | 174 | sibling->proto.gre.stream_timeout = 0; |
175 | /* refresh_acct will not modify counters if skb == NULL */ | ||
176 | if (del_timer(&sibling->timeout)) | 175 | if (del_timer(&sibling->timeout)) |
177 | sibling->timeout.function((unsigned long)sibling); | 176 | sibling->timeout.function((unsigned long)sibling); |
178 | ip_conntrack_put(sibling); | 177 | ip_conntrack_put(sibling); |
diff --git a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c index 71ef19d126d0..577bac22dcc6 100644 --- a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c +++ b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c | |||
@@ -91,7 +91,7 @@ static int help(struct sk_buff **pskb, | |||
91 | ip_conntrack_expect_related(exp); | 91 | ip_conntrack_expect_related(exp); |
92 | ip_conntrack_expect_put(exp); | 92 | ip_conntrack_expect_put(exp); |
93 | 93 | ||
94 | ip_ct_refresh_acct(ct, ctinfo, NULL, timeout * HZ); | 94 | ip_ct_refresh(ct, *pskb, timeout * HZ); |
95 | out: | 95 | out: |
96 | return NF_ACCEPT; | 96 | return NF_ACCEPT; |
97 | } | 97 | } |
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index d3c7808010ec..dd476b191f4b 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c | |||
@@ -989,7 +989,7 @@ EXPORT_SYMBOL(need_ip_conntrack); | |||
989 | EXPORT_SYMBOL(ip_conntrack_helper_register); | 989 | EXPORT_SYMBOL(ip_conntrack_helper_register); |
990 | EXPORT_SYMBOL(ip_conntrack_helper_unregister); | 990 | EXPORT_SYMBOL(ip_conntrack_helper_unregister); |
991 | EXPORT_SYMBOL(ip_ct_iterate_cleanup); | 991 | EXPORT_SYMBOL(ip_ct_iterate_cleanup); |
992 | EXPORT_SYMBOL(ip_ct_refresh_acct); | 992 | EXPORT_SYMBOL(__ip_ct_refresh_acct); |
993 | 993 | ||
994 | EXPORT_SYMBOL(ip_conntrack_expect_alloc); | 994 | EXPORT_SYMBOL(ip_conntrack_expect_alloc); |
995 | EXPORT_SYMBOL(ip_conntrack_expect_put); | 995 | EXPORT_SYMBOL(ip_conntrack_expect_put); |