KumiSystems/openwrtv4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

generic: add flow_offload accounting

Browse source 
This patch makes the flow offloading layer account for the traffic inside
the conntack entries.

Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
John Crispin 2018-08-13 17:00:14 +02:00
parent 7af1fb9faa
commit 1d4d156a7c
1 changed files with 70 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch Normal file
View file

@ -0,0 +1,70 @@
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -164,6 +164,8 @@ struct nf_flow_table_hw {
int nf_flow_table_hw_register(const struct nf_flow_table_hw *offload);
void nf_flow_table_hw_unregister(const struct nf_flow_table_hw *offload);
+void nf_flow_table_acct(struct flow_offload *flow, struct sk_buff *skb, int dir);
+
extern struct work_struct nf_flow_offload_hw_work;
#define MODULE_ALIAS_NF_FLOWTABLE(family) \
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -11,6 +11,7 @@
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_conntrack_acct.h>
struct flow_offload_entry {
struct flow_offload flow;
@@ -151,6 +152,22 @@ void flow_offload_free(struct flow_offlo
}
EXPORT_SYMBOL_GPL(flow_offload_free);
+void nf_flow_table_acct(struct flow_offload *flow, struct sk_buff *skb, int dir)
+{
+ struct flow_offload_entry *entry;
+ struct nf_conn_acct *acct;
+
+ entry = container_of(flow, struct flow_offload_entry, flow);
+ acct = nf_conn_acct_find(entry->ct);
+ if (acct) {
+ struct nf_conn_counter *counter = acct->counter;
+
+ atomic64_inc(&counter[dir].packets);
+ atomic64_add(skb->len, &counter[dir].bytes);
+ }
+}
+EXPORT_SYMBOL_GPL(nf_flow_table_acct);
+
static u32 flow_offload_hash(const void *data, u32 len, u32 seed)
{
const struct flow_offload_tuple *tuple = data;
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -11,6 +11,7 @@
#include <net/ip6_route.h>
#include <net/neighbour.h>
#include <net/netfilter/nf_flow_table.h>
+
/* For layer 4 checksum field offset. */
#include <linux/tcp.h>
#include <linux/udp.h>
@@ -265,6 +266,7 @@ nf_flow_offload_ip_hook(void *priv, stru
skb->dev = outdev;
nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
skb_dst_set_noref(skb, &rt->dst);
+ nf_flow_table_acct(flow, skb, dir);
neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
return NF_STOLEN;
@@ -482,6 +484,7 @@ nf_flow_offload_ipv6_hook(void *priv, st
skb->dev = outdev;
nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
skb_dst_set_noref(skb, &rt->dst);
+ nf_flow_table_acct(flow, skb, dir);
neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
return NF_STOLEN;