From: Patrick McHardy <kaber@trash.net>
To: Krzysztof Piotr Oledzki <ole@ans.pl>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 2/2] Netfilter: Accounting rework: ct_extend + 64bit counters (v3)
Date: Tue, 24 Jun 2008 17:38:17 +0200 [thread overview]
Message-ID: <486114E9.9000809@trash.net> (raw)
In-Reply-To: <485a3c49.C0A/tC0/U7AaZp3V%ole@ans.pl>
A few minor nits - a patch on top to fix them is fine, I'll
just fold them together.
Krzysztof Piotr Oledzki wrote:
> diff --git a/include/net/netfilter/nf_conntrack_acct.h b/include/net/netfilter/nf_conntrack_acct.h
> new file mode 100644
> index 0000000..6b26e5e
> --- /dev/null
> +++ b/include/net/netfilter/nf_conntrack_acct.h
> @@ -0,0 +1,22 @@
> +#ifndef _NF_CONNTRACK_ACCT_H
> +#define _NF_CONNTRACK_ACCT_H
> +#include <linux/netfilter/nf_conntrack_common.h>
> +#include <linux/netfilter/nf_conntrack_tuple_common.h>
> +#include <net/netfilter/nf_conntrack.h>
> +#include <net/netfilter/nf_conntrack_extend.h>
> +
> +static inline
> +struct ip_conntrack_counter *nf_conn_acct_find(const struct nf_conn *ct)
> +{
> + return nf_ct_ext_find(ct, NF_CT_EXT_ACCT);
> +}
> +
> +struct ip_conntrack_counter *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp);
> +
> +unsigned int
> +seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir);
> +
> +int nf_conntrack_acct_init(void);
> +void nf_conntrack_acct_fini(void);
extern for function declarations please. Also using ip_conntrack in the
struct name doesn't make much sense, please use nf_conntrack as prefix.
Or maybe for consistency with the other extensions, nf_conn.
> diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c
> new file mode 100644
> index 0000000..9d87a05
> --- /dev/null
> +++ b/net/netfilter/nf_conntrack_acct.c
> @@ -0,0 +1,117 @@
> +/* Accouting handling for netfilter. */
> +
> +/*
> + * (C) 2008 Krzysztof Piotr Oledzki <ole@ans.pl>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +#include <linux/netfilter.h>
> +#include <linux/kernel.h>
> +#include <linux/moduleparam.h>
> +
> +#include <net/netfilter/nf_conntrack.h>
> +#include <net/netfilter/nf_conntrack_extend.h>
> +#include <net/netfilter/nf_conntrack_acct.h>
> +
> +#ifdef CONFIG_NF_CT_ACCT
> +#define NF_CT_ACCT_DEFAULT 1
> +#else
> +#define NF_CT_ACCT_DEFAULT 0
> +#endif
> +
> +static unsigned int nf_ct_acct __read_mostly = NF_CT_ACCT_DEFAULT;
Perhaps this should be bool instead?
> +
> +module_param_named(acct, nf_ct_acct, bool, 0644);
> +MODULE_PARM_DESC(acct, "Enable connection tracking flow accounting.");
> +
> +#ifdef CONFIG_SYSCTL
> +static struct ctl_table_header *acct_sysctl_header;
> +static struct ctl_table acct_sysctl_table[] = {
> + {
> + .ctl_name = CTL_UNNUMBERED,
> + .procname = "nf_conntrack_acct",
> + .data = &nf_ct_acct,
> + .maxlen = sizeof(unsigned int),
> + .mode = 0644,
> + .proc_handler = &proc_dointvec,
> + },
> + {}
> +};
> +#endif /* CONFIG_SYSCTL */
> +
> +struct ip_conntrack_counter *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)
> +{
> + struct ip_conntrack_counter *acct;
> +
> + if (!nf_ct_acct)
> + return NULL;
> +
> + acct = nf_ct_ext_add(ct, NF_CT_EXT_ACCT, gfp);
> + if (!acct)
> + pr_debug("failed to add accounting extension area");
> +
> + return acct;
> +};
Missing EXPORT_SYMBOL_GPL for ctnetlink:
ERROR: "nf_ct_acct_ext_add" [net/netfilter/nf_conntrack_netlink.ko]
undefined!
Perhaps this should be inlined or at least the nf_ct_acct
check so we can avoid the unnecessary function call for
disabled accounting?
> +
> +unsigned int
> +seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir)
> +{
> + struct ip_conntrack_counter *acct;
> +
> + acct = nf_conn_acct_find(ct);
> + if (!acct)
> + return 0;
> +
> + return seq_printf(s, "packets=%llu bytes=%llu ",
> + (unsigned long long)acct[dir].packets,
> + (unsigned long long)acct[dir].bytes);
> +};
> +EXPORT_SYMBOL_GPL(seq_print_acct);
> +
> +static struct nf_ct_ext_type acct_extend __read_mostly = {
> + .len = sizeof(struct ip_conntrack_counter[IP_CT_DIR_MAX]),
> + .align = __alignof__(struct ip_conntrack_counter[IP_CT_DIR_MAX]),
> + .id = NF_CT_EXT_ACCT,
> +};
> +
> +int nf_conntrack_acct_init(void)
> +{
> + int ret;
> +
> +#ifdef CONFIG_NF_CT_ACCT
> + printk(KERN_WARNING "CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Plase use\n");
> + printk(KERN_WARNING "nf_conntrack.acct=1 kernel paramater, acct=1 nf_conntrack module option or\n");
> + printk(KERN_WARNING "sysctl net.netfilter.nf_conntrack_acct=1 to enable it.\n");
Since sysctls are deprecated (or are they still?), better to just
mention the kernel and module options.
> diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> index ab655f6..165e7f3 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -229,9 +234,6 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct,
> nla_put_failure:
> return -1;
> }
> -#else
> -#define ctnetlink_dump_counters(a, b, c) (0)
> -#endif
>
> #ifdef CONFIG_NF_CONNTRACK_MARK
> static inline int
> @@ -389,8 +391,8 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
>
> if (ctnetlink_dump_status(skb, ct) < 0 ||
> ctnetlink_dump_timeout(skb, ct) < 0 ||
> - ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
> - ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0 ||
> + ctnetlink_dump_acct(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
> + ctnetlink_dump_acct(skb, ct, IP_CT_DIR_REPLY) < 0 ||
This rename seems pointless. I also like the old name better.
next prev parent reply other threads:[~2008-06-24 15:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-19 11:00 [PATCH 2/2] Netfilter: Accounting rework: ct_extend + 64bit counters (v3) Krzysztof Piotr Oledzki
2008-06-24 15:38 ` Patrick McHardy [this message]
2008-06-24 16:37 ` Krzysztof Oledzki
2008-06-24 16:45 ` Patrick McHardy
2008-06-24 16:50 ` Jan Engelhardt
2008-06-24 17:13 ` Krzysztof Oledzki
2008-06-28 9:09 ` Jan Engelhardt
2008-06-30 15:59 ` Patrick McHardy
2008-07-02 13:03 ` Krzysztof Oledzki
2008-07-02 13:07 ` Patrick McHardy
2008-07-02 13:20 ` Krzysztof Oledzki
2008-07-02 13:21 ` Patrick McHardy
2008-07-02 13:36 ` Krzysztof Oledzki
2008-07-02 13:40 ` Patrick McHardy
2008-07-02 13:46 ` Krzysztof Oledzki
2008-07-02 13:51 ` Patrick McHardy
2008-07-02 13:57 ` Jan Engelhardt
2008-07-02 14:02 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=486114E9.9000809@trash.net \
--to=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=ole@ans.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.