* [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys @ 2016-12-25 11:58 Liping Zhang 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang 2017-01-03 13:38 ` [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Pablo Neira Ayuso 0 siblings, 2 replies; 4+ messages in thread From: Liping Zhang @ 2016-12-25 11:58 UTC (permalink / raw) To: pablo; +Cc: netfilter-devel, Liping Zhang From: Liping Zhang <zlpnobody@gmail.com> We missed to add descriptions about NFT_CT_LABELS, NFT_CT_PKTS and NFT_CT_BYTES, now add it. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> --- include/uapi/linux/netfilter/nf_tables.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 881d49e..5726f90 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -860,6 +860,9 @@ enum nft_rt_attributes { * @NFT_CT_PROTOCOL: conntrack layer 4 protocol * @NFT_CT_PROTO_SRC: conntrack layer 4 protocol source * @NFT_CT_PROTO_DST: conntrack layer 4 protocol destination + * @NFT_CT_LABELS: conntrack labels + * @NFT_CT_PKTS: conntrack packets + * @NFT_CT_BYTES: conntrack bytes */ enum nft_ct_keys { NFT_CT_STATE, -- 2.5.5 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support 2016-12-25 11:58 [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Liping Zhang @ 2016-12-25 11:58 ` Liping Zhang 2017-01-03 13:41 ` Pablo Neira Ayuso 2017-01-03 13:38 ` [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Pablo Neira Ayuso 1 sibling, 1 reply; 4+ messages in thread From: Liping Zhang @ 2016-12-25 11:58 UTC (permalink / raw) To: pablo; +Cc: netfilter-devel, Liping Zhang From: Liping Zhang <zlpnobody@gmail.com> Similar to xt_connbytes, user can match how many average bytes per packet a connection has transferred so far. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> --- include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nft_ct.c | 22 +++++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 5726f90..b00a05d 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -863,6 +863,7 @@ enum nft_rt_attributes { * @NFT_CT_LABELS: conntrack labels * @NFT_CT_PKTS: conntrack packets * @NFT_CT_BYTES: conntrack bytes + * @NFT_CT_AVGPKT: conntrack average bytes per packet */ enum nft_ct_keys { NFT_CT_STATE, @@ -881,6 +882,7 @@ enum nft_ct_keys { NFT_CT_LABELS, NFT_CT_PKTS, NFT_CT_BYTES, + NFT_CT_AVGPKT, }; /** diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index e6baeae..d774d78 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -129,6 +129,22 @@ static void nft_ct_get_eval(const struct nft_expr *expr, memcpy(dest, &count, sizeof(count)); return; } + case NFT_CT_AVGPKT: { + const struct nf_conn_acct *acct = nf_conn_acct_find(ct); + u64 avgcnt = 0, bcnt = 0, pcnt = 0; + + if (acct) { + pcnt = nft_ct_get_eval_counter(acct->counter, + NFT_CT_PKTS, priv->dir); + bcnt = nft_ct_get_eval_counter(acct->counter, + NFT_CT_BYTES, priv->dir); + if (pcnt != 0) + avgcnt = div64_u64(bcnt, pcnt); + } + + memcpy(dest, &avgcnt, sizeof(avgcnt)); + return; + } case NFT_CT_L3PROTOCOL: *dest = nf_ct_l3num(ct); return; @@ -316,6 +332,7 @@ static int nft_ct_get_init(const struct nft_ctx *ctx, break; case NFT_CT_BYTES: case NFT_CT_PKTS: + case NFT_CT_AVGPKT: /* no direction? return sum of original + reply */ if (tb[NFTA_CT_DIRECTION] == NULL) priv->dir = IP_CT_DIR_MAX; @@ -346,7 +363,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx, if (err < 0) return err; - if (priv->key == NFT_CT_BYTES || priv->key == NFT_CT_PKTS) + if (priv->key == NFT_CT_BYTES || + priv->key == NFT_CT_PKTS || + priv->key == NFT_CT_AVGPKT) nf_ct_set_acct(ctx->net, true); return 0; @@ -445,6 +464,7 @@ static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) break; case NFT_CT_BYTES: case NFT_CT_PKTS: + case NFT_CT_AVGPKT: if (priv->dir < IP_CT_DIR_MAX && nla_put_u8(skb, NFTA_CT_DIRECTION, priv->dir)) goto nla_put_failure; -- 2.5.5 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang @ 2017-01-03 13:41 ` Pablo Neira Ayuso 0 siblings, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2017-01-03 13:41 UTC (permalink / raw) To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang On Sun, Dec 25, 2016 at 07:58:59PM +0800, Liping Zhang wrote: > From: Liping Zhang <zlpnobody@gmail.com> > > Similar to xt_connbytes, user can match how many average bytes per packet > a connection has transferred so far. Also applied, thanks. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys 2016-12-25 11:58 [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Liping Zhang 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang @ 2017-01-03 13:38 ` Pablo Neira Ayuso 1 sibling, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2017-01-03 13:38 UTC (permalink / raw) To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang On Sun, Dec 25, 2016 at 07:58:58PM +0800, Liping Zhang wrote: > From: Liping Zhang <zlpnobody@gmail.com> > > We missed to add descriptions about NFT_CT_LABELS, NFT_CT_PKTS and > NFT_CT_BYTES, now add it. Applied, thanks. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-01-03 13:42 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-12-25 11:58 [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Liping Zhang 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang 2017-01-03 13:41 ` Pablo Neira Ayuso 2017-01-03 13:38 ` [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Pablo Neira Ayuso
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.