From: Michael Zintakis <michael.zintakis@googlemail.com>
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org
Subject: [PATCH v3 kernel 19/29] add byte threshold capability to nfacct
Date: Wed, 10 Jul 2013 19:25:17 +0100 [thread overview]
Message-ID: <1373480727-11254-20-git-send-email-michael.zintakis@googlemail.com> (raw)
In-Reply-To: <1373480727-11254-1-git-send-email-michael.zintakis@googlemail.com>
* add a 'bthr' variable to each nfacct object, allowing a bytes 'threshold'
to be stored and then reported if/when traffic breaches it.
Signed-off-by: Michael Zintakis <michael.zintakis@googlemail.com>
---
include/uapi/linux/netfilter/nfnetlink_acct.h | 9 ++++++
net/netfilter/nfnetlink_acct.c | 43 ++++++++++++++++++++++++++-
2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/netfilter/nfnetlink_acct.h b/include/uapi/linux/netfilter/nfnetlink_acct.h
index 0b65f9c1..e972970 100644
--- a/include/uapi/linux/netfilter/nfnetlink_acct.h
+++ b/include/uapi/linux/netfilter/nfnetlink_acct.h
@@ -19,10 +19,19 @@ enum nfnl_acct_type {
NFACCT_PKTS,
NFACCT_BYTES,
NFACCT_USE,
+ NFACCT_BTHR,
NFACCT_FMT,
+ NFACCT_FLAGS,
+ NFACCT_CMD,
__NFACCT_MAX
};
#define NFACCT_MAX (__NFACCT_MAX - 1)
+enum nfnl_acct_flags {
+ NFACCT_FLAG_BIT_BTHR = 0,
+ NFACCT_FLAG_BTHR = (1 << NFACCT_FLAG_BIT_BTHR),
+ NFACCT_FLAG_BIT_MAX = 1,
+ NFACCT_FLAG_MAX = (1 << NFACCT_FLAG_BIT_MAX),
+};
#endif /* _UAPI_NFNL_ACCT_H_ */
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
index 92ecad1..18cd28e 100644
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -32,7 +32,9 @@ static LIST_HEAD(nfnl_acct_list);
struct nf_acct {
atomic64_t pkts;
atomic64_t bytes;
+ u64 bthr;
u16 fmt;
+ u16 flags;
struct list_head head;
atomic_t refcnt;
char name[NFACCT_NAME_MAX];
@@ -44,6 +46,7 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
const struct nlmsghdr *nlh, const struct nlattr * const tb[])
{
struct nf_acct *nfacct, *matching = NULL;
+ unsigned int flags = 0, cmd = 0;
char *acct_name;
if (!tb[NFACCT_NAME] ||
@@ -51,6 +54,21 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
(!tb[NFACCT_BYTES] && tb[NFACCT_PKTS]))
return -EINVAL;
+ if (tb[NFACCT_CMD]) {
+ if (!tb[NFACCT_FLAGS])
+ return -EINVAL;
+
+ cmd = be16_to_cpu(nla_get_be16(tb[NFACCT_CMD]));
+ flags = be16_to_cpu(nla_get_be16(tb[NFACCT_FLAGS]));
+
+ if (cmd & NFACCT_FLAG_BTHR &&
+ ((flags & NFACCT_FLAG_BTHR && !tb[NFACCT_BTHR]) ||
+ (!(flags & NFACCT_FLAG_BTHR) && tb[NFACCT_BTHR])))
+ return -EINVAL;
+
+ } else if (tb[NFACCT_FLAGS])
+ return -EINVAL;
+
acct_name = nla_data(tb[NFACCT_NAME]);
if (strlen(acct_name) == 0)
return -EINVAL;
@@ -86,7 +104,7 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
* and == 0.
*
*/
- if (!tb[NFACCT_FMT]) {
+ if (!tb[NFACCT_FMT] && !cmd) {
atomic64_set(&matching->pkts, 0);
atomic64_set(&matching->bytes, 0);
}
@@ -96,6 +114,17 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
matching->fmt =
be16_to_cpu(nla_get_be16(tb[NFACCT_FMT]));
}
+ /* ... and finally set the bytes threshold */
+ if (cmd & NFACCT_FLAG_BTHR) {
+ if (flags & NFACCT_FLAG_BTHR) {
+ matching->bthr = be64_to_cpu(
+ nla_get_be64(tb[NFACCT_BTHR]));
+ matching->flags |= NFACCT_FLAG_BTHR;
+ } else {
+ matching->bthr = 0;
+ matching->flags &= ~NFACCT_FLAG_BTHR;
+ }
+ }
return 0;
}
return -EBUSY;
@@ -118,6 +147,13 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
if (tb[NFACCT_FMT]) {
nfacct->fmt = be16_to_cpu(nla_get_be16(tb[NFACCT_FMT]));
}
+ if (cmd & NFACCT_FLAG_BTHR && flags & NFACCT_FLAG_BTHR) {
+ if (tb[NFACCT_BTHR])
+ nfacct->bthr = be64_to_cpu(
+ nla_get_be64(tb[NFACCT_BTHR]));
+
+ nfacct->flags |= flags & NFACCT_FLAG_BTHR;
+ }
atomic_set(&nfacct->refcnt, 1);
list_add_tail_rcu(&nfacct->head, &nfnl_acct_list);
return 0;
@@ -154,7 +190,9 @@ nfnl_acct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
}
if (nla_put_be64(skb, NFACCT_PKTS, cpu_to_be64(pkts)) ||
nla_put_be64(skb, NFACCT_BYTES, cpu_to_be64(bytes)) ||
+ nla_put_be64(skb, NFACCT_BTHR, cpu_to_be64(acct->bthr)) ||
nla_put_be16(skb, NFACCT_FMT, htons(acct->fmt)) ||
+ nla_put_be16(skb, NFACCT_FLAGS, htons(acct->flags)) ||
nla_put_be32(skb, NFACCT_USE, htonl(atomic_read(&acct->refcnt))))
goto nla_put_failure;
@@ -302,7 +340,10 @@ static const struct nla_policy nfnl_acct_policy[NFACCT_MAX+1] = {
[NFACCT_NAME] = { .type = NLA_NUL_STRING, .len = NFACCT_NAME_MAX-1 },
[NFACCT_BYTES] = { .type = NLA_U64 },
[NFACCT_PKTS] = { .type = NLA_U64 },
+ [NFACCT_BTHR] = { .type = NLA_U64 },
[NFACCT_FMT] = { .type = NLA_U16 },
+ [NFACCT_FLAGS] = { .type = NLA_U16 },
+ [NFACCT_CMD] = { .type = NLA_U16 },
};
static const struct nfnl_callback nfnl_acct_cb[NFNL_MSG_ACCT_MAX] = {
--
1.8.3.1
next prev parent reply other threads:[~2013-07-10 18:26 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-10 18:24 [PATCH v3 0/29] nfacct changes and additions Michael Zintakis
2013-07-10 18:24 ` [PATCH v3 kernel 1/29] bugfix: pkts/bytes need to be specified simultaneously Michael Zintakis
2013-07-10 20:04 ` Florian Westphal
2013-07-11 18:56 ` Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 kernel 2/29] bugfix: restore pkts/bytes counters in NLM_F_REPLACE Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 3/29] bugfix: correct xml name parsing Michael Zintakis
2013-07-15 22:24 ` Pablo Neira Ayuso
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 4/29] bugfix: correct (plain) " Michael Zintakis
2013-07-15 22:29 ` Pablo Neira Ayuso
2013-07-10 18:25 ` [PATCH v3 nfacct 5/29] bugfix: prevent 0-sized parameter being accepted Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 6/29] bugfix: prevent 0-sized nfacct name " Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 7/29] code-refactoring changes to the "command menu" Michael Zintakis
2013-07-15 22:41 ` Pablo Neira Ayuso
2013-07-10 18:25 ` [PATCH v3 nfacct 8/29] add 2 new options: "replace" and "flush" Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 9/29] add *_SAVE template allowing save/restore Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 10/29] add *_BONLY template to show bytes-only Michael Zintakis
2013-07-15 22:42 ` Pablo Neira Ayuso
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 11/29] add variable width and on-the-fly formatting Michael Zintakis
2013-07-15 22:51 ` Pablo Neira Ayuso
2013-07-10 18:25 ` [PATCH v3 nfacct 12/29] add variable width and on-the-fly number formatting Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 13/29] add new "save" and correct existing "restore" commands Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 14/29] add sort option to the "list" command Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 15/29] add "show bytes" option to "list" and "get" commands Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 kernel 16/29] add permanent byte/packet format capability to nfacct Michael Zintakis
2013-07-10 20:00 ` Florian Westphal
2013-07-11 18:56 ` Michael Zintakis
2013-07-11 20:12 ` Florian Westphal
2013-07-14 8:29 ` Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 17/29] add *permanent* number formatting support Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 18/29] add permanent number formatting to nfacct objects Michael Zintakis
2013-07-10 18:25 ` Michael Zintakis [this message]
2013-07-10 20:00 ` [PATCH v3 kernel 19/29] add byte threshold capability to nfacct Florian Westphal
2013-07-11 18:56 ` Michael Zintakis
2013-07-11 20:25 ` Florian Westphal
2013-07-17 19:44 ` Alexey Perevalov
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 20/29] add byte threshold capability support Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 21/29] add byte threshold capabilities to nfacct objects Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 22/29] add *_EXTENDED template support Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 23/29] add "show extended" option to "list" and "get" commands Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 kernel 24/29] add packets and bytes mark capability to nfacct Michael Zintakis
2013-07-10 20:01 ` Florian Westphal
2013-07-11 18:56 ` Michael Zintakis
2013-07-11 1:14 ` Pablo Neira Ayuso
2013-07-11 18:56 ` Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 25/29] add packets/bytes mark capability support Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 26/29] add setmark and clrmark to "get" and "list" commands Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 libnetfilter_acct 27/29] add *_MONLY template support Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 28/29] add "show marks" option to "list" and "get" commands Michael Zintakis
2013-07-10 18:25 ` [PATCH v3 nfacct 29/29] change man page to describe all new features Michael Zintakis
2013-07-15 12:36 ` [0/29] nfacct changes and additions Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1373480727-11254-20-git-send-email-michael.zintakis@googlemail.com \
--to=michael.zintakis@googlemail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).