From: Phil Oester <kernel@linuxace.com>
To: netfilter-devel@lists.netfilter.org
Subject: [PATCH] 1/3 ctstat requirements
Date: Tue, 26 Oct 2004 14:20:07 -0700 [thread overview]
Message-ID: <20041026212007.GB2598@linuxace.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 192 bytes --]
Current ctstat in pom-ng depends on three patches which are 2.6
only, but is not itself flagged 2.6 only. The below patch removes
the 2.4 version and adds the proper 'requires' entry.
Phil
[-- Attachment #2: patch-ctstat --]
[-- Type: text/plain, Size: 10222 bytes --]
diff -ruN pom-orig/ctstat/info pom-new/ctstat/info
--- pom-orig/ctstat/info 2004-07-22 16:30:39.000000000 -0400
+++ pom-new/ctstat/info 2004-10-01 17:50:09.830017520 -0400
@@ -1,4 +1,5 @@
Author: Martin Josefsson <gandalf@wlug.westbo.se>
Status: Works when the planets align into the shape of tux, and only then
Repository: pending
+Requires: linux >= 2.6.0
Depends: conntrack-seqfile, expect-slab-cache, module_parm
diff -ruN pom-orig/ctstat/linux-2.4/include/linux/netfilter_ipv4/ip_conntrack.h.ladd pom-new/ctstat/linux-2.4/include/linux/netfilter_ipv4/ip_conntrack.h.ladd
--- pom-orig/ctstat/linux-2.4/include/linux/netfilter_ipv4/ip_conntrack.h.ladd 2003-12-18 13:47:57.000000000 -0500
+++ pom-new/ctstat/linux-2.4/include/linux/netfilter_ipv4/ip_conntrack.h.ladd 1969-12-31 19:00:00.000000000 -0500
@@ -1,21 +0,0 @@
-extern unsigned int ip_conntrack_htable_size;
-
-struct ip_conntrack_stat
-{
- unsigned int searched;
- unsigned int found;
- unsigned int new;
- unsigned int invalid;
- unsigned int ignore;
- unsigned int delete;
- unsigned int delete_list;
- unsigned int insert;
- unsigned int insert_failed;
- unsigned int drop;
- unsigned int early_drop;
- unsigned int icmp_error;
- unsigned int expect_new;
- unsigned int expect_create;
- unsigned int expect_delete;
-} ____cacheline_aligned_in_smp;
-
diff -ruN pom-orig/ctstat/linux-2.4.patch pom-new/ctstat/linux-2.4.patch
--- pom-orig/ctstat/linux-2.4.patch 2003-12-18 13:47:57.000000000 -0500
+++ pom-new/ctstat/linux-2.4.patch 1969-12-31 19:00:00.000000000 -0500
@@ -1,261 +0,0 @@
-Binary files linux-2.4.22.raw/net/ipv4/netfilter/.ip_conntrack_standalone.c.rej.swp and linux-2.4.22/net/ipv4/netfilter/.ip_conntrack_standalone.c.rej.swp differ
-diff -x '*.orig' -x '*.rej' -urNp linux-2.4.22.raw/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.22/net/ipv4/netfilter/ip_conntrack_core.c
---- linux-2.4.22.raw/net/ipv4/netfilter/ip_conntrack_core.c 2003-11-15 22:29:29.000000000 +0100
-+++ linux-2.4.22/net/ipv4/netfilter/ip_conntrack_core.c 2003-11-15 22:30:32.000000000 +0100
-@@ -61,11 +61,13 @@ LIST_HEAD(protocol_list);
- static LIST_HEAD(helpers);
- unsigned int ip_conntrack_htable_size = 0;
- int ip_conntrack_max = 0;
--static atomic_t ip_conntrack_count = ATOMIC_INIT(0);
-+atomic_t ip_conntrack_count = ATOMIC_INIT(0);
- struct list_head *ip_conntrack_hash;
- static kmem_cache_t *ip_conntrack_cachep;
- struct ip_conntrack ip_conntrack_untracked;
-
-+struct ip_conntrack_stat ip_conntrack_stat[NR_CPUS];
-+
- extern struct ip_conntrack_protocol ip_conntrack_generic_protocol;
-
- static inline int proto_cmpfn(const struct ip_conntrack_protocol *curr,
-@@ -180,6 +182,7 @@ destroy_expect(struct ip_conntrack_expec
- IP_NF_ASSERT(!timer_pending(&exp->timeout));
-
- kfree(exp);
-+ ip_conntrack_stat[smp_processor_id()].expect_delete++;
- }
-
-
-@@ -348,12 +351,15 @@ destroy_conntrack(struct nf_conntrack *n
- DEBUGP("destroy_conntrack: returning ct=%p to slab\n", ct);
- kmem_cache_free(ip_conntrack_cachep, ct);
- atomic_dec(&ip_conntrack_count);
-+ ip_conntrack_stat[smp_processor_id()].delete++;
- }
-
- static void death_by_timeout(unsigned long ul_conntrack)
- {
- struct ip_conntrack *ct = (void *)ul_conntrack;
-
-+ ip_conntrack_stat[smp_processor_id()].delete_list++;
-+
- WRITE_LOCK(&ip_conntrack_lock);
- clean_from_lists(ct);
- WRITE_UNLOCK(&ip_conntrack_lock);
-@@ -376,13 +382,18 @@ __ip_conntrack_find(const struct ip_conn
- {
- struct ip_conntrack_tuple_hash *h;
- unsigned int hash = hash_conntrack(tuple);
-+ unsigned int cpu = smp_processor_id();
-
- MUST_BE_READ_LOCKED(&ip_conntrack_lock);
-- h = LIST_FIND(&ip_conntrack_hash[hash],
-- conntrack_tuple_cmp,
-- struct ip_conntrack_tuple_hash *,
-- tuple, ignored_conntrack);
-- return h;
-+ list_for_each_entry(h, &ip_conntrack_hash[hash], list) {
-+ if (conntrack_tuple_cmp(h, tuple, ignored_conntrack)) {
-+ ip_conntrack_stat[cpu].found++;
-+ return h;
-+ }
-+ ip_conntrack_stat[cpu].searched++;
-+ }
-+
-+ return NULL;
- }
-
- /* Find a connection corresponding to a tuple. */
-@@ -476,10 +487,12 @@ __ip_conntrack_confirm(struct nf_ct_info
- atomic_inc(&ct->ct_general.use);
- set_bit(IPS_CONFIRMED_BIT, &ct->status);
- WRITE_UNLOCK(&ip_conntrack_lock);
-+ ip_conntrack_stat[smp_processor_id()].insert++;
- return NF_ACCEPT;
- }
-
- WRITE_UNLOCK(&ip_conntrack_lock);
-+ ip_conntrack_stat[smp_processor_id()].insert_failed++;
- return NF_DROP;
- }
-
-@@ -614,6 +627,7 @@ static int early_drop(struct list_head *
- if (del_timer(&h->ctrack->timeout)) {
- death_by_timeout((unsigned long)h->ctrack);
- dropped = 1;
-+ ip_conntrack_stat[smp_processor_id()].early_drop++;
- }
- ip_conntrack_put(h->ctrack);
- return dropped;
-@@ -738,12 +752,16 @@ init_conntrack(const struct ip_conntrack
- LIST_DELETE(&ip_conntrack_expect_list, expected);
- expected->expectant->expecting--;
- nf_conntrack_get(&master_ct(conntrack)->infos[0]);
-- }
-+ ip_conntrack_stat[smp_processor_id()].expect_new++;
-+ } else
-+ ip_conntrack_stat[smp_processor_id()].new++;
-+
- atomic_inc(&ip_conntrack_count);
- WRITE_UNLOCK(&ip_conntrack_lock);
-
- if (expected && expected->expectfn)
- expected->expectfn(conntrack);
-+
- return &conntrack->tuplehash[IP_CT_DIR_ORIGINAL];
- }
-
-@@ -840,29 +858,38 @@ unsigned int ip_conntrack_in(unsigned in
- #endif
-
- /* Previously seen (loopback or untracked)? Ignore. */
-- if ((*pskb)->nfct)
-+ if ((*pskb)->nfct) {
-+ ip_conntrack_stat[smp_processor_id()].ignore++;
- return NF_ACCEPT;
-+ }
-
- proto = ip_ct_find_proto((*pskb)->nh.iph->protocol);
-
- /* It may be an icmp error... */
- if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP
-- && icmp_error_track(*pskb, &ctinfo, hooknum))
-+ && icmp_error_track(*pskb, &ctinfo, hooknum)) {
-+ ip_conntrack_stat[smp_processor_id()].icmp_error++;
- return NF_ACCEPT;
-+ }
-
-- if (!(ct = resolve_normal_ct(*pskb, proto,&set_reply,hooknum,&ctinfo)))
-+ if (!(ct = resolve_normal_ct(*pskb, proto,&set_reply,hooknum,&ctinfo))) {
- /* Not valid part of a connection */
-+ ip_conntrack_stat[smp_processor_id()].invalid++;
- return NF_ACCEPT;
-+ }
-
-- if (IS_ERR(ct))
-+ if (IS_ERR(ct)) {
- /* Too stressed to deal. */
-+ ip_conntrack_stat[smp_processor_id()].drop++;
- return NF_DROP;
-+ }
-
- IP_NF_ASSERT((*pskb)->nfct);
-
- ret = proto->packet(ct, (*pskb)->nh.iph, (*pskb)->len, ctinfo);
- if (ret == -1) {
- /* Invalid */
-+ ip_conntrack_stat[smp_processor_id()].invalid++;
- nf_conntrack_put((*pskb)->nfct);
- (*pskb)->nfct = NULL;
- return NF_ACCEPT;
-@@ -873,6 +900,7 @@ unsigned int ip_conntrack_in(unsigned in
- ct, ctinfo);
- if (ret == -1) {
- /* Invalid */
-+ ip_conntrack_stat[smp_processor_id()].invalid++;
- nf_conntrack_put((*pskb)->nfct);
- (*pskb)->nfct = NULL;
- return NF_ACCEPT;
-@@ -1056,6 +1084,8 @@ int ip_conntrack_expect_related(struct i
-
- WRITE_UNLOCK(&ip_conntrack_lock);
-
-+ ip_conntrack_stat[smp_processor_id()].expect_create++;
-+
- return ret;
- }
-
-diff -x '*.orig' -x '*.rej' -urNp linux-2.4.22.raw/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.4.22/net/ipv4/netfilter/ip_conntrack_standalone.c
---- linux-2.4.22.raw/net/ipv4/netfilter/ip_conntrack_standalone.c 2003-11-15 22:29:29.000000000 +0100
-+++ linux-2.4.22/net/ipv4/netfilter/ip_conntrack_standalone.c 2003-11-15 22:32:33.000000000 +0100
-@@ -40,6 +40,9 @@
- struct module *ip_conntrack_module = THIS_MODULE;
- MODULE_LICENSE("GPL");
-
-+extern atomic_t ip_conntrack_count;
-+extern struct ip_conntrack_stat ip_conntrack_stat[NR_CPUS];
-+
- static int kill_proto(const struct ip_conntrack *i, void *data)
- {
- return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum ==
-@@ -180,6 +183,46 @@ list_conntracks(char *buffer, char **sta
- return len;
- }
-
-+static int ip_conntrack_get_stat(char *buffer, char **start, off_t offset, int length)
-+{
-+ unsigned int nr_conntracks = atomic_read(&ip_conntrack_count);
-+ int i, lcpu;
-+ int len = 0;
-+
-+ for (lcpu = 0; lcpu < smp_num_cpus; lcpu++) {
-+ i = cpu_logical_map(lcpu);
-+
-+ len += sprintf(buffer+len, "%08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
-+ nr_conntracks,
-+ ip_conntrack_stat[i].searched,
-+ ip_conntrack_stat[i].found,
-+ ip_conntrack_stat[i].new,
-+ ip_conntrack_stat[i].invalid,
-+ ip_conntrack_stat[i].ignore,
-+ ip_conntrack_stat[i].delete,
-+ ip_conntrack_stat[i].delete_list,
-+ ip_conntrack_stat[i].insert,
-+ ip_conntrack_stat[i].insert_failed,
-+ ip_conntrack_stat[i].drop,
-+ ip_conntrack_stat[i].early_drop,
-+ ip_conntrack_stat[i].icmp_error,
-+
-+ ip_conntrack_stat[i].expect_new,
-+ ip_conntrack_stat[i].expect_create,
-+ ip_conntrack_stat[i].expect_delete
-+ );
-+ }
-+ len -= offset;
-+
-+ if (len > length)
-+ len = length;
-+ if (len < 0)
-+ len = 0;
-+
-+ *start = buffer + offset;
-+ return len;
-+}
-+
- static unsigned int ip_confirm(unsigned int hooknum,
- struct sk_buff **pskb,
- const struct net_device *in,
-@@ -363,7 +406,7 @@ static ctl_table ip_ct_net_table[] = {
- #endif
- static int init_or_cleanup(int init)
- {
-- struct proc_dir_entry *proc;
-+ struct proc_dir_entry *proc, *procstat;
- int ret = 0;
-
- if (!init) goto cleanup;
-@@ -376,10 +419,15 @@ static int init_or_cleanup(int init)
- if (!proc) goto cleanup_init;
- proc->owner = THIS_MODULE;
-
-+ procstat = proc_net_create("ip_conntrack_stat", 0, ip_conntrack_get_stat);
-+ if (!procstat)
-+ goto cleanup_proc;
-+ procstat->owner = THIS_MODULE;
-+
- ret = nf_register_hook(&ip_conntrack_defrag_ops);
- if (ret < 0) {
- printk("ip_conntrack: can't register pre-routing defrag hook.\n");
-- goto cleanup_proc;
-+ goto cleanup_procstat;
- }
- ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);
- if (ret < 0) {
-@@ -431,6 +479,8 @@ static int init_or_cleanup(int init)
- nf_unregister_hook(&ip_conntrack_defrag_local_out_ops);
- cleanup_defragops:
- nf_unregister_hook(&ip_conntrack_defrag_ops);
-+ cleanup_procstat:
-+ proc_net_remove("ip_conntrack_stat");
- cleanup_proc:
- proc_net_remove("ip_conntrack");
- cleanup_init:
reply other threads:[~2004-10-26 21:20 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20041026212007.GB2598@linuxace.com \
--to=kernel@linuxace.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.