On 3/25/2020 1:50 AM, Pablo Neira Ayuso wrote:
> This function allows you to update the conntrack counters.
>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> include/net/netfilter/nf_conntrack_acct.h | 2 ++
> net/netfilter/nf_conntrack_core.c | 15 +++++++--------
> 2 files changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/include/net/netfilter/nf_conntrack_acct.h b/include/net/netfilter/nf_conntrack_acct.h
> index f7a060c6eb28..df198c51244a 100644
> --- a/include/net/netfilter/nf_conntrack_acct.h
> +++ b/include/net/netfilter/nf_conntrack_acct.h
> @@ -65,6 +65,8 @@ static inline void nf_ct_set_acct(struct net *net, bool enable)
> #endif
> }
>
> +void nf_ct_acct_update(struct nf_conn *ct, u32 dir, unsigned int bytes);
> +
> void nf_conntrack_acct_pernet_init(struct net *net);
>
> int nf_conntrack_acct_init(void);
> diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
> index a18f8fe728e3..a55c1d6f8191 100644
> --- a/net/netfilter/nf_conntrack_core.c
> +++ b/net/netfilter/nf_conntrack_core.c
> @@ -863,9 +863,7 @@ nf_conntrack_hash_check_insert(struct nf_conn *ct)
> }
> EXPORT_SYMBOL_GPL(nf_conntrack_hash_check_insert);
>
> -static inline void nf_ct_acct_update(struct nf_conn *ct,
> - enum ip_conntrack_info ctinfo,
> - unsigned int len)
> +void nf_ct_acct_update(struct nf_conn *ct, u32 dir, unsigned int bytes)
> {
> struct nf_conn_acct *acct;
>
> @@ -873,10 +871,11 @@ static inline void nf_ct_acct_update(struct nf_conn *ct,
> if (acct) {
> struct nf_conn_counter *counter = acct->counter;
>
> - atomic64_inc(&counter[CTINFO2DIR(ctinfo)].packets);
> - atomic64_add(len, &counter[CTINFO2DIR(ctinfo)].bytes);
> + atomic64_inc(&counter[dir].packets);
> + atomic64_add(bytes, &counter[dir].bytes);
> }
> }
> +EXPORT_SYMBOL_GPL(nf_ct_acct_update);
This function only add one packet once. Maybe is not so suit for all the scenario
such as the HW flowtable offload get the counter from HW periodicly.
>
> static void nf_ct_acct_merge(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
> const struct nf_conn *loser_ct)
> @@ -890,7 +889,7 @@ static void nf_ct_acct_merge(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
>
> /* u32 should be fine since we must have seen one packet. */
> bytes = atomic64_read(&counter[CTINFO2DIR(ctinfo)].bytes);
> - nf_ct_acct_update(ct, ctinfo, bytes);
> + nf_ct_acct_update(ct, CTINFO2DIR(ctinfo), bytes);
> }
> }
>
> @@ -1931,7 +1930,7 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
> WRITE_ONCE(ct->timeout, extra_jiffies);
> acct:
> if (do_acct)
> - nf_ct_acct_update(ct, ctinfo, skb->len);
> + nf_ct_acct_update(ct, CTINFO2DIR(ctinfo), skb->len);
> }
> EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
>
> @@ -1939,7 +1938,7 @@ bool nf_ct_kill_acct(struct nf_conn *ct,
> enum ip_conntrack_info ctinfo,
> const struct sk_buff *skb)
> {
> - nf_ct_acct_update(ct, ctinfo, skb->len);
> + nf_ct_acct_update(ct, CTINFO2DIR(ctinfo), skb->len);
>
> return nf_ct_delete(ct, 0, 0);
> }
