Blame view
net/netfilter/nf_conntrack_acct.c
3.03 KB
584015727
netfilter: accoun...
|
1 2 3 4 5 6 7 8 9 10 11 |
/* Accouting handling for netfilter. */ /* * (C) 2008 Krzysztof Piotr Oledzki <ole@ans.pl> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <linux/netfilter.h> |
5a0e3ad6a
include cleanup: ...
|
12 |
#include <linux/slab.h> |
|
584015727
netfilter: accoun...
|
13 14 |
#include <linux/kernel.h> #include <linux/moduleparam.h> |
bc3b2d7fb
net: Add export.h...
|
15 |
#include <linux/export.h> |
|
584015727
netfilter: accoun...
|
16 17 18 19 |
#include <net/netfilter/nf_conntrack.h> #include <net/netfilter/nf_conntrack_extend.h> #include <net/netfilter/nf_conntrack_acct.h> |
eb9399220
module_param: mak...
|
20 |
static bool nf_ct_acct __read_mostly; |
|
584015727
netfilter: accoun...
|
21 22 23 24 25 |
module_param_named(acct, nf_ct_acct, bool, 0644); MODULE_PARM_DESC(acct, "Enable connection tracking flow accounting."); #ifdef CONFIG_SYSCTL |
|
584015727
netfilter: accoun...
|
26 27 |
static struct ctl_table acct_sysctl_table[] = {
{
|
|
584015727
netfilter: accoun...
|
28 |
.procname = "nf_conntrack_acct", |
d716a4dfb
netfilter: netns ...
|
29 |
.data = &init_net.ct.sysctl_acct, |
|
584015727
netfilter: accoun...
|
30 31 |
.maxlen = sizeof(unsigned int), .mode = 0644, |
|
6d9f239a1
net: '&' redux
|
32 |
.proc_handler = proc_dointvec, |
|
584015727
netfilter: accoun...
|
33 34 35 36 37 38 39 40 |
},
{}
};
#endif /* CONFIG_SYSCTL */
unsigned int
seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir)
{
|
f7b13e433
netfilter: introd...
|
41 42 |
struct nf_conn_acct *acct; struct nf_conn_counter *counter; |
|
584015727
netfilter: accoun...
|
43 44 45 46 |
acct = nf_conn_acct_find(ct); if (!acct) return 0; |
|
f7b13e433
netfilter: introd...
|
47 |
counter = acct->counter; |
|
584015727
netfilter: accoun...
|
48 |
return seq_printf(s, "packets=%llu bytes=%llu ", |
|
f7b13e433
netfilter: introd...
|
49 50 |
(unsigned long long)atomic64_read(&counter[dir].packets), (unsigned long long)atomic64_read(&counter[dir].bytes)); |
|
584015727
netfilter: accoun...
|
51 52 53 54 |
};
EXPORT_SYMBOL_GPL(seq_print_acct);
static struct nf_ct_ext_type acct_extend __read_mostly = {
|
|
f7b13e433
netfilter: introd...
|
55 56 |
.len = sizeof(struct nf_conn_acct), .align = __alignof__(struct nf_conn_acct), |
|
584015727
netfilter: accoun...
|
57 58 |
.id = NF_CT_EXT_ACCT, }; |
|
d716a4dfb
netfilter: netns ...
|
59 60 |
#ifdef CONFIG_SYSCTL static int nf_conntrack_acct_init_sysctl(struct net *net) |
|
584015727
netfilter: accoun...
|
61 |
{
|
|
d716a4dfb
netfilter: netns ...
|
62 |
struct ctl_table *table; |
|
584015727
netfilter: accoun...
|
63 |
|
|
d716a4dfb
netfilter: netns ...
|
64 65 66 67 68 69 |
table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), GFP_KERNEL); if (!table) goto out; table[0].data = &net->ct.sysctl_acct; |
|
584015727
netfilter: accoun...
|
70 |
|
464dc801c
net: Don't export...
|
71 72 73 |
/* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; |
|
ec8f23ce0
net: Convert all ...
|
74 75 |
net->ct.acct_sysctl_header = register_net_sysctl(net, "net/netfilter", table); |
|
d716a4dfb
netfilter: netns ...
|
76 77 78 79 |
if (!net->ct.acct_sysctl_header) {
printk(KERN_ERR "nf_conntrack_acct: can't register to sysctl.
");
goto out_register;
|
|
584015727
netfilter: accoun...
|
80 |
} |
|
d716a4dfb
netfilter: netns ...
|
81 |
return 0; |
|
584015727
netfilter: accoun...
|
82 |
|
|
d716a4dfb
netfilter: netns ...
|
83 84 85 86 87 |
out_register: kfree(table); out: return -ENOMEM; } |
|
584015727
netfilter: accoun...
|
88 |
|
|
d716a4dfb
netfilter: netns ...
|
89 90 91 |
static void nf_conntrack_acct_fini_sysctl(struct net *net)
{
struct ctl_table *table;
|
|
584015727
netfilter: accoun...
|
92 |
|
|
d716a4dfb
netfilter: netns ...
|
93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
table = net->ct.acct_sysctl_header->ctl_table_arg;
unregister_net_sysctl_table(net->ct.acct_sysctl_header);
kfree(table);
}
#else
static int nf_conntrack_acct_init_sysctl(struct net *net)
{
return 0;
}
static void nf_conntrack_acct_fini_sysctl(struct net *net)
{
}
#endif
|
b7ff3a1fa
netfilter: nf_ct_...
|
107 |
int nf_conntrack_acct_pernet_init(struct net *net) |
|
d716a4dfb
netfilter: netns ...
|
108 |
{
|
|
d716a4dfb
netfilter: netns ...
|
109 |
net->ct.sysctl_acct = nf_ct_acct; |
|
b7ff3a1fa
netfilter: nf_ct_...
|
110 111 |
return nf_conntrack_acct_init_sysctl(net); } |
|
d716a4dfb
netfilter: netns ...
|
112 |
|
|
b7ff3a1fa
netfilter: nf_ct_...
|
113 114 115 116 |
void nf_conntrack_acct_pernet_fini(struct net *net)
{
nf_conntrack_acct_fini_sysctl(net);
}
|
|
d716a4dfb
netfilter: netns ...
|
117 |
|
|
b7ff3a1fa
netfilter: nf_ct_...
|
118 119 120 |
int nf_conntrack_acct_init(void)
{
int ret = nf_ct_extend_register(&acct_extend);
|
|
d716a4dfb
netfilter: netns ...
|
121 |
if (ret < 0) |
|
b7ff3a1fa
netfilter: nf_ct_...
|
122 123 |
pr_err("nf_conntrack_acct: Unable to register extension
");
|
|
d716a4dfb
netfilter: netns ...
|
124 |
return ret; |
|
584015727
netfilter: accoun...
|
125 |
} |
|
b7ff3a1fa
netfilter: nf_ct_...
|
126 |
void nf_conntrack_acct_fini(void) |
|
584015727
netfilter: accoun...
|
127 |
{
|
|
b7ff3a1fa
netfilter: nf_ct_...
|
128 |
nf_ct_extend_unregister(&acct_extend); |
|
584015727
netfilter: accoun...
|
129 |
} |