Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b3e0bfa7 authored by Eric Dumazet's avatar Eric Dumazet Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_conntrack: use atomic64 for accounting counters 



We can use atomic64_t infrastructure to avoid taking a spinlock in fast
path, and remove inaccuracies while reading values in
ctnetlink_dump_counters() and connbytes_mt() on 32bit arches.

Suggested by Pablo.

Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 76ad94fc

include/net/netfilter/nf_conntrack_acct.h

+2 −2
Original line number Diff line number Diff line
@@ -15,8 +15,8 @@ 
#include <net/netfilter/nf_conntrack_extend.h>



struct nf_conn_counter {

	u_int64_t packets;

	u_int64_t bytes;

	atomic64_t packets;

	atomic64_t bytes;

};



static inline

net/netfilter/nf_conntrack_acct.c

+2 −2
Original line number Diff line number Diff line
@@ -46,8 +46,8 @@ seq_print_acct(struct seq_file *s, const struct nf_conn *ct, int dir) 
		return 0;



	return seq_printf(s, "packets=%llu bytes=%llu ",

			  (unsigned long long)acct[dir].packets,

			  (unsigned long long)acct[dir].bytes);

			  (unsigned long long)atomic64_read(&acct[dir].packets),

			  (unsigned long long)atomic64_read(&acct[dir].bytes));

};

EXPORT_SYMBOL_GPL(seq_print_acct);

net/netfilter/nf_conntrack_core.c

+5 −9
Original line number Diff line number Diff line
@@ -1044,10 +1044,8 @@ acct: 


		acct = nf_conn_acct_find(ct);

		if (acct) {

			spin_lock_bh(&ct->lock);

			acct[CTINFO2DIR(ctinfo)].packets++;

			acct[CTINFO2DIR(ctinfo)].bytes += skb->len;

			spin_unlock_bh(&ct->lock);

			atomic64_inc(&acct[CTINFO2DIR(ctinfo)].packets);

			atomic64_add(skb->len, &acct[CTINFO2DIR(ctinfo)].bytes);

		}

	}

}
@@ -1063,11 +1061,9 @@ bool __nf_ct_kill_acct(struct nf_conn *ct, 


		acct = nf_conn_acct_find(ct);

		if (acct) {

			spin_lock_bh(&ct->lock);

			acct[CTINFO2DIR(ctinfo)].packets++;

			acct[CTINFO2DIR(ctinfo)].bytes +=

				skb->len - skb_network_offset(skb);

			spin_unlock_bh(&ct->lock);

			atomic64_inc(&acct[CTINFO2DIR(ctinfo)].packets);

			atomic64_add(skb->len - skb_network_offset(skb),

				     &acct[CTINFO2DIR(ctinfo)].bytes);

		}

	}

net/netfilter/nf_conntrack_netlink.c

+8 −4
Original line number Diff line number Diff line
@@ -219,9 +219,9 @@ ctnetlink_dump_counters(struct sk_buff *skb, const struct nf_conn *ct, 
		goto nla_put_failure;



	NLA_PUT_BE64(skb, CTA_COUNTERS_PACKETS,

		     cpu_to_be64(acct[dir].packets));

		     cpu_to_be64(atomic64_read(&acct[dir].packets)));

	NLA_PUT_BE64(skb, CTA_COUNTERS_BYTES,

		     cpu_to_be64(acct[dir].bytes));

		     cpu_to_be64(atomic64_read(&acct[dir].bytes)));



	nla_nest_end(skb, nest_count);
@@ -720,8 +720,12 @@ restart: 
				struct nf_conn_counter *acct;



				acct = nf_conn_acct_find(ct);

				if (acct)

					memset(acct, 0, sizeof(struct nf_conn_counter[IP_CT_DIR_MAX]));

				if (acct) {

					atomic64_set(&acct[IP_CT_DIR_ORIGINAL].bytes, 0);

					atomic64_set(&acct[IP_CT_DIR_ORIGINAL].packets, 0);

					atomic64_set(&acct[IP_CT_DIR_REPLY].bytes, 0);

					atomic64_set(&acct[IP_CT_DIR_REPLY].packets, 0);

					}

			}

		}

		if (cb->args[1]) {

net/netfilter/xt_connbytes.c

+16 −16
Original line number Diff line number Diff line
@@ -40,46 +40,46 @@ connbytes_mt(const struct sk_buff *skb, struct xt_action_param *par) 
	case XT_CONNBYTES_PKTS:

		switch (sinfo->direction) {

		case XT_CONNBYTES_DIR_ORIGINAL:

			what = counters[IP_CT_DIR_ORIGINAL].packets;

			what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets);

			break;

		case XT_CONNBYTES_DIR_REPLY:

			what = counters[IP_CT_DIR_REPLY].packets;

			what = atomic64_read(&counters[IP_CT_DIR_REPLY].packets);

			break;

		case XT_CONNBYTES_DIR_BOTH:

			what = counters[IP_CT_DIR_ORIGINAL].packets;

			what += counters[IP_CT_DIR_REPLY].packets;

			what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets);

			what += atomic64_read(&counters[IP_CT_DIR_REPLY].packets);

			break;

		}

		break;

	case XT_CONNBYTES_BYTES:

		switch (sinfo->direction) {

		case XT_CONNBYTES_DIR_ORIGINAL:

			what = counters[IP_CT_DIR_ORIGINAL].bytes;

			what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes);

			break;

		case XT_CONNBYTES_DIR_REPLY:

			what = counters[IP_CT_DIR_REPLY].bytes;

			what = atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);

			break;

		case XT_CONNBYTES_DIR_BOTH:

			what = counters[IP_CT_DIR_ORIGINAL].bytes;

			what += counters[IP_CT_DIR_REPLY].bytes;

			what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes);

			what += atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);

			break;

		}

		break;

	case XT_CONNBYTES_AVGPKT:

		switch (sinfo->direction) {

		case XT_CONNBYTES_DIR_ORIGINAL:

			bytes = counters[IP_CT_DIR_ORIGINAL].bytes;

			pkts  = counters[IP_CT_DIR_ORIGINAL].packets;

			bytes = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes);

			pkts  = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets);

			break;

		case XT_CONNBYTES_DIR_REPLY:

			bytes = counters[IP_CT_DIR_REPLY].bytes;

			pkts  = counters[IP_CT_DIR_REPLY].packets;

			bytes = atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);

			pkts  = atomic64_read(&counters[IP_CT_DIR_REPLY].packets);

			break;

		case XT_CONNBYTES_DIR_BOTH:

			bytes = counters[IP_CT_DIR_ORIGINAL].bytes +

				counters[IP_CT_DIR_REPLY].bytes;

			pkts  = counters[IP_CT_DIR_ORIGINAL].packets +

				counters[IP_CT_DIR_REPLY].packets;

			bytes = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes) +

				atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);

			pkts  = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets) +

				atomic64_read(&counters[IP_CT_DIR_REPLY].packets);

			break;

		}

		if (pkts != 0)