From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
This allows to use the get operation to atomically get-and-reset
counters.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
net/netfilter/nf_conntrack_netlink.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 77d209c..636617c 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1015,6 +1015,17 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
if (err < 0)
goto out;
+ if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_GET_CTRZERO) {
+ struct nf_conn_counter *acct;
+
+ acct = nf_conn_acct_find(ct);
+ if (acct) {
+ atomic64_set(&acct[IP_CT_DIR_ORIGINAL].bytes, 0);
+ atomic64_set(&acct[IP_CT_DIR_ORIGINAL].packets, 0);
+ atomic64_set(&acct[IP_CT_DIR_REPLY].bytes, 0);
+ atomic64_set(&acct[IP_CT_DIR_REPLY].packets, 0);
+ }
+ }
return 0;
free:
--
1.7.2.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
