Thanks for working on this patch.
> --- /dev/null
> +++ b/include/net/netfilter/nf_conntrack_count.h
> @@ -0,0 +1,13 @@
Should it have something like the following in the header file?
#ifdef _NF_CONNTRACK_COUNT_H
#define _NF_CONNTRACK_COUNT_H
> +struct nf_conncount_data;
> +
> +struct nf_conncount_data *nf_conncount_init(struct net *net, unsigned int family,
> + unsigned int keylen);
> +void nf_conncount_destroy(struct net *net, unsigned int family,
> + struct nf_conncount_data *data);
> +
> +unsigned int nf_conncount_count(struct net *net,
> + struct nf_conncount_data *data,
> + const u32 *key,
> + unsigned int family,
> + const struct nf_conntrack_tuple *tuple,
> + const struct nf_conntrack_zone *zone);
#endif /*_NF_CONNTRACK_COUNT_H*/
> --- /dev/null
> +++ b/net/netfilter/nf_conncount.c
> +
> +struct nf_conncount_data *nf_conncount_init(struct net *net, unsigned int family,
> + unsigned int keylen)
> +{
> + struct nf_conncount_data *data;
> + int ret, i;
> +
> + if (keylen % sizeof(u32) ||
> + keylen / sizeof(u32) > MAX_KEYLEN ||
> + keylen == 0)
> + return ERR_PTR(-EINVAL);
Just wanna to check the case that if users want to count only by zone, since zone id is only 2 bytes, the user should claim 4 bytes as the keylen right?
> +
> + net_get_random_once(&conncount_rnd, sizeof(conncount_rnd));
> +
> + ret = nf_ct_netns_get(net, family);
> + if (ret < 0)
> + return ERR_PTR(ret);
> +
> + data = kmalloc(sizeof(*data), GFP_KERNEL);
> + if (!data)
> + return ERR_PTR(-ENOMEM);
Should we call nf_ct_netns_put() in the error case?
> +
> + for (i = 0; i < ARRAY_SIZE(data->root); ++i)
> + data->root[i] = RB_ROOT;
> +
> + data->keylen = keylen / sizeof(u32);
> +
> + return data;
> +}
> +EXPORT_SYMBOL_GPL(nf_conncount_init);
Thanks,
-Yi-Hung
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
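Review bot: The new header include/net/netfilter/nf_conntrack_count.h is not self-contained: its prototypes use `u32`, `struct net`, `struct nf_conntrack_tuple` and `struct nf_conntrack_zone`, but the 13 added lines neither include nor forward-declare any of them. A struct first named inside a parameter list is scoped to that prototype, so a file that includes this header before the conntrack headers gets a distinct incomplete type and a compiler warning; adding `#include <linux/types.h>` plus forward declarations such as `struct net;` at the top would avoid that. The prototype of nf_conncount_init() also deserves a comment along the lines of `/* Returns ERR_PTR() on failure, never NULL; check with IS_ERR(). */`, since every failure path quoted from nf_conncount.c returns an ERR_PTR and a caller testing for NULL would go on to dereference the error pointer.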