diff options
| -rw-r--r-- | net/netfilter/nf_tables_core.c | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index 4368c5850548..7d83a49fd8e5 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c | |||
| @@ -66,20 +66,6 @@ struct nft_jumpstack { | |||
| 66 | int rulenum; | 66 | int rulenum; |
| 67 | }; | 67 | }; |
| 68 | 68 | ||
| 69 | static inline void | ||
| 70 | nft_chain_stats(const struct nft_chain *this, const struct nft_pktinfo *pkt, | ||
| 71 | struct nft_jumpstack *jumpstack, unsigned int stackptr) | ||
| 72 | { | ||
| 73 | struct nft_stats __percpu *stats; | ||
| 74 | const struct nft_chain *chain = stackptr ? jumpstack[0].chain : this; | ||
| 75 | |||
| 76 | rcu_read_lock_bh(); | ||
| 77 | stats = rcu_dereference(nft_base_chain(chain)->stats); | ||
| 78 | __this_cpu_inc(stats->pkts); | ||
| 79 | __this_cpu_add(stats->bytes, pkt->skb->len); | ||
| 80 | rcu_read_unlock_bh(); | ||
| 81 | } | ||
| 82 | |||
| 83 | enum nft_trace { | 69 | enum nft_trace { |
| 84 | NFT_TRACE_RULE, | 70 | NFT_TRACE_RULE, |
| 85 | NFT_TRACE_RETURN, | 71 | NFT_TRACE_RETURN, |
| @@ -117,12 +103,13 @@ static void nft_trace_packet(const struct nft_pktinfo *pkt, | |||
| 117 | unsigned int | 103 | unsigned int |
| 118 | nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) | 104 | nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) |
| 119 | { | 105 | { |
| 120 | const struct nft_chain *chain = ops->priv; | 106 | const struct nft_chain *chain = ops->priv, *basechain = chain; |
| 121 | const struct nft_rule *rule; | 107 | const struct nft_rule *rule; |
| 122 | const struct nft_expr *expr, *last; | 108 | const struct nft_expr *expr, *last; |
| 123 | struct nft_data data[NFT_REG_MAX + 1]; | 109 | struct nft_data data[NFT_REG_MAX + 1]; |
| 124 | unsigned int stackptr = 0; | 110 | unsigned int stackptr = 0; |
| 125 | struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; | 111 | struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; |
| 112 | struct nft_stats __percpu *stats; | ||
| 126 | int rulenum; | 113 | int rulenum; |
| 127 | /* | 114 | /* |
| 128 | * Cache cursor to avoid problems in case that the cursor is updated | 115 | * Cache cursor to avoid problems in case that the cursor is updated |
| @@ -209,12 +196,17 @@ next_rule: | |||
| 209 | rulenum = jumpstack[stackptr].rulenum; | 196 | rulenum = jumpstack[stackptr].rulenum; |
| 210 | goto next_rule; | 197 | goto next_rule; |
| 211 | } | 198 | } |
| 212 | nft_chain_stats(chain, pkt, jumpstack, stackptr); | ||
| 213 | 199 | ||
| 214 | if (unlikely(pkt->skb->nf_trace)) | 200 | if (unlikely(pkt->skb->nf_trace)) |
| 215 | nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_POLICY); | 201 | nft_trace_packet(pkt, basechain, ++rulenum, NFT_TRACE_POLICY); |
| 202 | |||
| 203 | rcu_read_lock_bh(); | ||
| 204 | stats = rcu_dereference(nft_base_chain(basechain)->stats); | ||
| 205 | __this_cpu_inc(stats->pkts); | ||
| 206 | __this_cpu_add(stats->bytes, pkt->skb->len); | ||
| 207 | rcu_read_unlock_bh(); | ||
| 216 | 208 | ||
| 217 | return nft_base_chain(chain)->policy; | 209 | return nft_base_chain(basechain)->policy; |
| 218 | } | 210 | } |
| 219 | EXPORT_SYMBOL_GPL(nft_do_chain); | 211 | EXPORT_SYMBOL_GPL(nft_do_chain); |
| 220 | 212 | ||