Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: conncount: Support count only use case

Currently, nf_conncount_count() counts the number of connections that
match key and inserts a conntrack 'tuple' with the same key into the
accounting data structure. This patch supports another use case that only
counts the number of connections where 'tuple' is not provided. Therefore,
proper changes are made on nf_conncount_count() to support the case where
'tuple' is NULL. This could be useful for querying statistics or
debugging purposes.

Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by Yi-Hung Wei and committed by Pablo Neira Ayuso
35d8deb8 6aec2087

+8 -2
net/netfilter/nf_conncount.c
··· 104 104 struct nf_conn *found_ct; 105 105 unsigned int length = 0; 106 106 107 - *addit = true; 107 + *addit = tuple ? true : false; 108 108 109 109 /* check the saved connections */ 110 110 hlist_for_each_entry_safe(conn, n, head, node) { ··· 117 117 118 118 found_ct = nf_ct_tuplehash_to_ctrack(found); 119 119 120 - if (nf_ct_tuple_equal(&conn->tuple, tuple)) { 120 + if (tuple && nf_ct_tuple_equal(&conn->tuple, tuple)) { 121 121 /* 122 122 * Just to be sure we have it only once in the list. 123 123 * We should not see tuples twice unless someone hooks ··· 220 220 goto restart; 221 221 } 222 222 223 + if (!tuple) 224 + return 0; 225 + 223 226 /* no match, need to insert new node */ 224 227 rbconn = kmem_cache_alloc(conncount_rb_cachep, GFP_ATOMIC); 225 228 if (rbconn == NULL) ··· 245 242 return 1; 246 243 } 247 244 245 + /* Count and return number of conntrack entries in 'net' with particular 'key'. 246 + * If 'tuple' is not null, insert it into the accounting data structure. 247 + */ 248 248 unsigned int nf_conncount_count(struct net *net, 249 249 struct nf_conncount_data *data, 250 250 const u32 *key,
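Review bot: In the first hunk (new line 107), '*addit = tuple ? true : false;' wraps a pointer test in a redundant ternary. '*addit = tuple != NULL;' or '*addit = !!tuple;' expresses the same thing more directly, and a short comment there saying that a NULL 'tuple' selects count-only mode would help, because this assignment is what keeps the caller from adding an entry.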
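Review bot: In the third hunk (new lines 223-224), the early 'if (!tuple) return 0;' carries no comment and sits directly above 'no match, need to insert new node', so a reader has to infer that 0 here means "no entries for this key" in count-only mode. A one-line comment on the return would make that explicit. The placement before kmem_cache_alloc() is right, since it keeps the count-only path free of any GFP_ATOMIC allocation.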
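Review bot: In the last hunk, the new comment above nf_conncount_count() documents the insert behaviour but not the count-only one. It should say what the function returns when 'tuple' is NULL and whether that call leaves the accounting data structure unchanged, and it should spell 'NULL' in capitals to match the code and the commit message.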