* [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys @ 2016-12-25 11:58 Liping Zhang 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang 2017-01-03 13:38 ` [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Pablo Neira Ayuso 0 siblings, 2 replies; 4+ messages in thread From: Liping Zhang @ 2016-12-25 11:58 UTC (permalink / raw) To: pablo; +Cc: netfilter-devel, Liping Zhang From: Liping Zhang <zlpnobody@gmail.com> We missed to add descriptions about NFT_CT_LABELS, NFT_CT_PKTS and NFT_CT_BYTES, now add it. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> --- include/uapi/linux/netfilter/nf_tables.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 881d49e..5726f90 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -860,6 +860,9 @@ enum nft_rt_attributes { * @NFT_CT_PROTOCOL: conntrack layer 4 protocol * @NFT_CT_PROTO_SRC: conntrack layer 4 protocol source * @NFT_CT_PROTO_DST: conntrack layer 4 protocol destination + * @NFT_CT_LABELS: conntrack labels + * @NFT_CT_PKTS: conntrack packets + * @NFT_CT_BYTES: conntrack bytes */ enum nft_ct_keys { NFT_CT_STATE, -- 2.5.5 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support 2016-12-25 11:58 [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Liping Zhang @ 2016-12-25 11:58 ` Liping Zhang 2017-01-03 13:41 ` Pablo Neira Ayuso 2017-01-03 13:38 ` [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Pablo Neira Ayuso 1 sibling, 1 reply; 4+ messages in thread From: Liping Zhang @ 2016-12-25 11:58 UTC (permalink / raw) To: pablo; +Cc: netfilter-devel, Liping Zhang From: Liping Zhang <zlpnobody@gmail.com> Similar to xt_connbytes, user can match how many average bytes per packet a connection has transferred so far. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> --- include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nft_ct.c | 22 +++++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 5726f90..b00a05d 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -863,6 +863,7 @@ enum nft_rt_attributes { * @NFT_CT_LABELS: conntrack labels * @NFT_CT_PKTS: conntrack packets * @NFT_CT_BYTES: conntrack bytes + * @NFT_CT_AVGPKT: conntrack average bytes per packet */ enum nft_ct_keys { NFT_CT_STATE, @@ -881,6 +882,7 @@ enum nft_ct_keys { NFT_CT_LABELS, NFT_CT_PKTS, NFT_CT_BYTES, + NFT_CT_AVGPKT, }; /** diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index e6baeae..d774d78 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -129,6 +129,22 @@ static void nft_ct_get_eval(const struct nft_expr *expr, memcpy(dest, &count, sizeof(count)); return; } + case NFT_CT_AVGPKT: { + const struct nf_conn_acct *acct = nf_conn_acct_find(ct); + u64 avgcnt = 0, bcnt = 0, pcnt = 0; + + if (acct) { + pcnt = nft_ct_get_eval_counter(acct->counter, + NFT_CT_PKTS, priv->dir); + bcnt = nft_ct_get_eval_counter(acct->counter, + NFT_CT_BYTES, priv->dir); + if (pcnt != 0) + avgcnt = div64_u64(bcnt, pcnt); + } + + memcpy(dest, &avgcnt, sizeof(avgcnt)); + return; + } case NFT_CT_L3PROTOCOL: *dest = nf_ct_l3num(ct); return; @@ -316,6 +332,7 @@ static int nft_ct_get_init(const struct nft_ctx *ctx, break; case NFT_CT_BYTES: case NFT_CT_PKTS: + case NFT_CT_AVGPKT: /* no direction? return sum of original + reply */ if (tb[NFTA_CT_DIRECTION] == NULL) priv->dir = IP_CT_DIR_MAX; @@ -346,7 +363,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx, if (err < 0) return err; - if (priv->key == NFT_CT_BYTES || priv->key == NFT_CT_PKTS) + if (priv->key == NFT_CT_BYTES || + priv->key == NFT_CT_PKTS || + priv->key == NFT_CT_AVGPKT) nf_ct_set_acct(ctx->net, true); return 0; @@ -445,6 +464,7 @@ static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) break; case NFT_CT_BYTES: case NFT_CT_PKTS: + case NFT_CT_AVGPKT: if (priv->dir < IP_CT_DIR_MAX && nla_put_u8(skb, NFTA_CT_DIRECTION, priv->dir)) goto nla_put_failure; -- 2.5.5 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang @ 2017-01-03 13:41 ` Pablo Neira Ayuso 0 siblings, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2017-01-03 13:41 UTC (permalink / raw) To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang On Sun, Dec 25, 2016 at 07:58:59PM +0800, Liping Zhang wrote: > From: Liping Zhang <zlpnobody@gmail.com> > > Similar to xt_connbytes, user can match how many average bytes per packet > a connection has transferred so far. Also applied, thanks. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys 2016-12-25 11:58 [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Liping Zhang 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang @ 2017-01-03 13:38 ` Pablo Neira Ayuso 1 sibling, 0 replies; 4+ messages in thread From: Pablo Neira Ayuso @ 2017-01-03 13:38 UTC (permalink / raw) To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang On Sun, Dec 25, 2016 at 07:58:58PM +0800, Liping Zhang wrote: > From: Liping Zhang <zlpnobody@gmail.com> > > We missed to add descriptions about NFT_CT_LABELS, NFT_CT_PKTS and > NFT_CT_BYTES, now add it. Applied, thanks. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-01-03 13:42 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-12-25 11:58 [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Liping Zhang 2016-12-25 11:58 ` [PATCH nf-next 2/2] netfilter: nft_ct: add average bytes per packet support Liping Zhang 2017-01-03 13:41 ` Pablo Neira Ayuso 2017-01-03 13:38 ` [PATCH nf-next 1/2] netfilter: nf_tables: add missing descriptions in nft_ct_keys Pablo Neira Ayuso
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).