From: Jan Engelhardt <jengelh@medozas.de>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [PATCH 22/56] netfilter: xtables2: xt1->xt2 translation - ADD_COUNTERS support
Date: Tue, 29 Jun 2010 10:43:02 +0200 [thread overview]
Message-ID: <1277801017-30600-23-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1277801017-30600-1-git-send-email-jengelh@medozas.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/linux/netfilter/x_tables.h | 2 +
net/ipv6/netfilter/ip6_tables.c | 11 ++++++
net/netfilter/xt1_support.c | 63 ++++++++++++++++++++++++++++++++++++
3 files changed, 76 insertions(+), 0 deletions(-)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index d672b3d..99d05ba 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -739,6 +739,8 @@ extern int xts_target_to_xt1(void __user **, int *, unsigned int *,
const struct xt2_entry_target *);
extern int xts_table_replace(void __user *, unsigned int, struct net *,
struct xt2_table *);
+extern int xts_get_counters(struct xt2_table *,
+ const struct xt_counters __user *, unsigned int);
extern struct xt2_rule *xt2_rule_new(struct xt2_chain *);
extern int xt2_rule_add_match(struct xt2_rule *, const char *, uint8_t,
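Review bot: The name `xts_get_counters` reads as a getter, but the definition added in net/netfilter/xt1_support.c copies counters from the `__user` array and writes them into the rules' quota state. A name such as `xts_add_counters` or `xts_set_counters` would match what the ADD_COUNTERS path does and keep a reader from assuming the call is read-only. Like its neighbours, the prototype omits parameter names; `struct xt2_table *table, const struct xt_counters __user *ptr, unsigned int cnum` would document the user-pointer argument at the declaration.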
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 78dca6f..80177a5 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1239,6 +1239,7 @@ static int get_info(struct net *net, void __user *user,
if (xt2_table != NULL) {
ret = ip6t2_get_info(user, *len, xt2_table);
rcu_read_unlock();
+ module_put(xt2_table->owner);
if (t != NULL)
module_put(t->me);
return ret;
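Review bot: The added `module_put(xt2_table->owner)` dereferences `xt2_table` after `rcu_read_unlock()`, so if the table's lifetime is guarded only by RCU (the lookup is not visible here), the pointer may already be stale when `owner` is read. Dropping the reference before leaving the read-side section avoids that: `module_put(xt2_table->owner);` followed by `rcu_read_unlock();`. The `xt2_table_lookup()` call added to do_add_counters() later in this file has no matching `module_put`, which would leak a module reference on every ADD_COUNTERS call if the lookup takes one, as this hunk implies. get_info() starts and ends outside the hunk.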
@@ -1482,6 +1483,7 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len,
int ret = 0;
const void *loc_cpu_entry;
struct ip6t_entry *iter;
+ struct xt2_table *xt2_table;
#ifdef CONFIG_COMPAT
struct compat_xt_counters_info compat_tmp;
@@ -1512,6 +1514,15 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len,
if (len != size + num_counters * sizeof(struct xt_counters))
return -EINVAL;
+ xt2_table = xt2_table_lookup(net, name, NFPROTO_IPV6,
+ XT2_KEEP_RCULOCK);
+ if (xt2_table != NULL) {
+ ret = xts_get_counters(xt2_table, user + size, num_counters);
+ rcu_read_unlock();
+ return ret;
+ }
+ rcu_read_unlock();
+
paddc = vmalloc(len - size);
if (!paddc)
return -ENOMEM;
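Review bot: `xts_get_counters()` is called while the RCU read lock kept by `XT2_KEEP_RCULOCK` is still held, and that function calls `copy_from_user()` once per rule, which can fault and sleep. Sleeping inside an RCU read-side critical section is not permitted with non-preemptible RCU. The legacy path directly below allocates a kernel buffer with `vmalloc(len - size)` before touching the table; the xt2 path should likewise copy the whole user array into kernel memory first and only then take the lock and apply the values. do_add_counters() starts and ends outside the hunk.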
diff --git a/net/netfilter/xt1_support.c b/net/netfilter/xt1_support.c
index d87e0ab..675428c 100644
--- a/net/netfilter/xt1_support.c
+++ b/net/netfilter/xt1_support.c
@@ -88,6 +88,23 @@ void xts_rule_get_quota(const struct xt2_entry_match *ematch,
}
EXPORT_SYMBOL_GPL(xts_rule_get_quota);
+static void xts_rule_set_quota(const struct xt2_entry_match *ematch,
+ uint64_t bytes, uint64_t pkts)
+{
+ const struct xt_quota_mtinfo3 *q;
+
+ /* Bytes */
+ q = ematch->data;
+ spin_lock_bh(&q->master->lock);
+ q->master->quota = bytes;
+ spin_unlock_bh(&q->master->lock);
+ /* Packets */
+ q = list_entry(ematch->anchor.next, typeof(*ematch), anchor)->data;
+ spin_lock_bh(&q->master->lock);
+ q->master->quota = pkts;
+ spin_unlock_bh(&q->master->lock);
+}
+
static int
xts_blob_prep_rule(const struct xt2_rule *rule, const struct xt1_xlat_info *io,
unsigned int *underflow, unsigned int z)
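Review bot: The packet-quota lookup in xts_rule_set_quota() takes `ematch->anchor.next` without checking that it is a real match entry rather than the list head, so for a rule carrying only one quota match `list_entry()` would yield a pointer into unrelated memory that is then locked and written. If xts_rule_quota_ptr() guarantees the byte/packet pair, state that above the function, e.g. `/* Caller guarantees ematch is the byte quota and the next match is the packet quota. */`; otherwise compare against the rule's match list head before dereferencing. The helper also assigns `q->master->quota` rather than adding to it, which may not be what callers of the xt1 ADD_COUNTERS interface expect and is worth confirming.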
@@ -326,4 +343,50 @@ int xts_table_replace(void __user *counters_ptr, unsigned int num_counters,
}
EXPORT_SYMBOL_GPL(xts_table_replace);
+/**
+ * @table: xt2 table with rules to modify
+ * @ptr: source counter array
+ * @cnum: maximum number of counters to read
+ */
+int xts_get_counters(struct xt2_table *table,
+ const struct xt_counters __user *ptr, unsigned int cnum)
+{
+ const struct xt2_entry_match *ematch;
+ const struct xt2_chain *chain;
+ const struct xt2_rule *rule;
+ struct xt_counters ctinfo;
+ unsigned int i = 0;
+ int ret = 0;
+
+ rcu_read_lock();
+ list_for_each_entry(chain, &table->chain_list, anchor) {
+ if (i == cnum)
+ break;
+ if (!xt2_builtin_chain(chain))
+ /* Skip counters for start-of-chain marker */
+ ++i;
+
+ list_for_each_entry(rule, &chain->rule_list, anchor) {
+ if (i == cnum)
+ break;
+ ematch = xts_rule_quota_ptr(rule);
+ if (ematch == NULL) {
+ ret = -EIO;
+ goto out;
+ }
+ ret = copy_from_user(&ctinfo, &ptr[i++],
+ sizeof(ctinfo));
+ if (ret < 0)
+ goto out;
+ xts_rule_set_quota(ematch, ctinfo.bcnt, ctinfo.pcnt);
+ }
+ }
+
+ /* Ignore EOR marker or additional counters. */
+ out:
+ rcu_read_unlock();
+ return ret;
+}
+EXPORT_SYMBOL_GPL(xts_get_counters);
+
MODULE_LICENSE("GPL");
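Review bot: The `if (ret < 0)` test after `copy_from_user()` in xts_get_counters() can never fire, because copy_from_user() returns the number of bytes left uncopied (zero or positive). A faulting user pointer therefore leaves `ctinfo` holding partly uninitialised stack data that is then written into the rule quotas, and a positive byte count may be returned to the caller instead of an error. The check should be `if (copy_from_user(&ctinfo, &ptr[i++], sizeof(ctinfo)) != 0) { ret = -EFAULT; goto out; }`. The kernel-doc block also lacks its opening line with the function name and a summary, e.g. `* xts_get_counters - apply user-supplied counters to a table's rule quotas`.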
--
1.7.1