Re: [PATCH 2/3] netfilter: xt_connbytes: Force CT tracking to be enabled


 



On 06/22/2010 10:49 AM, Jan Engelhardt wrote:


On Tuesday 2010-06-22 18:44, tim.gardner@xxxxxxxxxxxxx wrote:
net/netfilter/xt_connbytes.c |   13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)

+	 * accounting is enabled, so complain about it until someone notices.
+	 * It _should_ only print one warning message.
+	 */
+	if (unlikely(nf_ct_acct_enabled(ct) == false)) {
+		if (net_ratelimit())
+			pr_warning("ipt_connbytes: Force enabling CT accounting\n");
+		nf_ct_set_acct(ct, true);
+	}

Am I in a timewarp vortex? It's xt_connbytes, not ipt_connbytes.
Better yet, use KBUILD_MODNAME together with pr_fmt.
--

It turns out that pr_warning() already uses pr_fmt(). Change pushed.

rtg
--
Tim Gardner tim.gardner@xxxxxxxxxxxxx
From 5b47470d916e85bfc5df835580c5898997fdeb81 Mon Sep 17 00:00:00 2001
From: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
Date: Tue, 22 Jun 2010 09:27:30 -0600
Subject: [PATCH 2/3] netfilter: xt_connbytes: Force CT accounting to be enabled

Check at runtime that CT accounting is enabled, and force it
to be enabled if not.

This is in preparation for deprecating CONFIG_NF_CT_ACCT.

Signed-off-by: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
---
 net/netfilter/xt_connbytes.c |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c
index 7351783..b25bf54 100644
--- a/net/netfilter/xt_connbytes.c
+++ b/net/netfilter/xt_connbytes.c
@@ -21,7 +21,7 @@ static bool
 connbytes_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
 	const struct xt_connbytes_info *sinfo = par->matchinfo;
-	const struct nf_conn *ct;
+	struct nf_conn *ct;
 	enum ip_conntrack_info ctinfo;
 	u_int64_t what = 0;	/* initialize to make gcc happy */
 	u_int64_t bytes = 0;
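Review bot: Dropping const from ct in connbytes_mt() turns a match function that only read the conntrack entry into one that can modify it, and nothing in this hunk or the commit message says so. The only writer visible in the patch is the nf_ct_set_acct(ct, true) call added in the next hunk. Either mention in the commit message that the match path now changes accounting state, or move the enable out of the per-packet path so the pointer can stay const.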
@@ -32,6 +32,17 @@ connbytes_mt(const struct sk_buff *skb, struct xt_action_param *par)
 	if (!ct)
 		return false;
 
+	/*
+	 * This filter cannot function correctly unless connection tracking
+	 * accounting is enabled, so complain about it until someone notices.
+	 * It _should_ only print one warning message.
+	 */
+	if (unlikely(nf_ct_acct_enabled(ct) == false)) {
+		if (net_ratelimit())
+			pr_warning("Force enabling CT accounting\n");
+		nf_ct_set_acct(ct, true);
+	}
+
 	counters = nf_conn_acct_find(ct);
 	if (!counters)
 		return false;
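Review bot: The added comment contradicts itself, and the code after the force-enable does not cover the case it creates. "complain about it until someone notices" and "It _should_ only print one warning message" cannot both hold, and net_ratelimit() only throttles the message, so the comment should say which behaviour is intended. After nf_ct_set_acct(ct, true) the function falls straight into nf_conn_acct_find(ct); if that still returns NULL for this connection, the match returns false with nothing but the rate-limited warning to explain it, so the comment should state what happens to connections seen before accounting was forced on. As a style point, the test reads better as !nf_ct_acct_enabled(ct) than as a comparison with false.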
-- 
1.7.0.4

