[PATCH 23/47] netfilter: conncount: Support count only use case

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 23/47] netfilter: conncount: Support count only use case
Date: Fri, 30 Mar 2018 13:43:10 +0200	[thread overview]
Message-ID: <20180330114334.18664-4-pablo@netfilter.org> (raw)
In-Reply-To: <20180330114334.18664-1-pablo@netfilter.org>

From: Yi-Hung Wei <yihung.wei@gmail.com>

Currently, nf_conncount_count() counts the number of connections that
matches key and inserts a conntrack 'tuple' with the same key into the
accounting data structure.  This patch supports another use case that only
counts the number of connections where 'tuple' is not provided.  Therefore,
proper changes are made on nf_conncount_count() to support the case where
'tuple' is NULL.  This could be useful for querying statistics or
debugging purpose.

Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conncount.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c
index 9305a08b4422..153e690e2893 100644
--- a/net/netfilter/nf_conncount.c
+++ b/net/netfilter/nf_conncount.c
@@ -104,7 +104,7 @@ static unsigned int check_hlist(struct net *net,
 	struct nf_conn *found_ct;
 	unsigned int length = 0;
 
-	*addit = true;
+	*addit = tuple ? true : false;
 
 	/* check the saved connections */
 	hlist_for_each_entry_safe(conn, n, head, node) {
@@ -117,7 +117,7 @@ static unsigned int check_hlist(struct net *net,
 
 		found_ct = nf_ct_tuplehash_to_ctrack(found);
 
-		if (nf_ct_tuple_equal(&conn->tuple, tuple)) {
+		if (tuple && nf_ct_tuple_equal(&conn->tuple, tuple)) {
 			/*
 			 * Just to be sure we have it only once in the list.
 			 * We should not see tuples twice unless someone hooks
@@ -220,6 +220,9 @@ count_tree(struct net *net, struct rb_root *root,
 		goto restart;
 	}
 
+	if (!tuple)
+		return 0;
+
 	/* no match, need to insert new node */
 	rbconn = kmem_cache_alloc(conncount_rb_cachep, GFP_ATOMIC);
 	if (rbconn == NULL)
@@ -242,6 +245,9 @@ count_tree(struct net *net, struct rb_root *root,
 	return 1;
 }
 
+/* Count and return number of conntrack entries in 'net' with particular 'key'.
+ * If 'tuple' is not null, insert it into the accounting data structure.
+ */
 unsigned int nf_conncount_count(struct net *net,
 				struct nf_conncount_data *data,
 				const u32 *key,
-- 
2.11.0

next prev parent reply	other threads:[~2018-03-30 11:43 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-30 11:43 [PATCH 20/47] netfilter: x_tables: fix build with CONFIG_COMPAT=n Pablo Neira Ayuso
2018-03-30 11:43 ` [PATCH 21/47] ipvs: use true and false for boolean values Pablo Neira Ayuso
2018-03-30 11:43 ` [PATCH 22/47] netfilter: Refactor nf_conncount Pablo Neira Ayuso
2018-03-30 11:43 ` Pablo Neira Ayuso [this message]
2018-03-30 11:43 ` [PATCH 24/47] netfilter: nft_ct: add NFT_CT_{SRC,DST}_{IP,IP6} Pablo Neira Ayuso
2018-03-30 11:43 ` [PATCH 25/47] netfilter: cttimeout: remove VLA usage Pablo Neira Ayuso
2018-03-30 11:43 ` [PATCH 26/47] netfilter: nfnetlink_cthelper: Remove " Pablo Neira Ayuso
2018-03-30 11:43 ` [PATCH 27/47] netfilter: nf_tables: remove " Pablo Neira Ayuso
2018-03-30 11:43 ` [PATCH 28/47] netfilter: ebtables: use ADD_COUNTER macro Pablo Neira Ayuso
2018-03-30 11:43 ` [PATCH 29/47] netfilter: xt_conntrack: Support bit-shifting for CONNMARK & MARK targets Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9305a08b442 dfblob:153e690e289 )
 OR (
bs:"[PATCH 23/47] netfilter: conncount: Support count only use case" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180330114334.18664-4-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).