diff options
author | John Crispin <john@phrozen.org> | 2018-08-13 17:00:14 +0200 |
---|---|---|
committer | John Crispin <john@phrozen.org> | 2018-08-28 11:30:39 +0200 |
commit | 1d4d156a7ce67988f922c470f622f6dd2a5c161b (patch) | |
tree | 9af4704c330e228eafe796d23ed2d31416ad069a | |
parent | 7af1fb9faafbc842fc727c49108f5fc4edc08601 (diff) | |
download | upstream-1d4d156a7ce67988f922c470f622f6dd2a5c161b.tar.gz upstream-1d4d156a7ce67988f922c470f622f6dd2a5c161b.tar.bz2 upstream-1d4d156a7ce67988f922c470f622f6dd2a5c161b.zip |
generic: add flow_offload accounting
This patch makes the flow offloading layer account for the traffic inside
the conntack entries.
Signed-off-by: John Crispin <john@phrozen.org>
-rw-r--r-- | target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch b/target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch new file mode 100644 index 0000000000..290570fe9f --- /dev/null +++ b/target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch @@ -0,0 +1,70 @@ +--- a/include/net/netfilter/nf_flow_table.h ++++ b/include/net/netfilter/nf_flow_table.h +@@ -164,6 +164,8 @@ struct nf_flow_table_hw { + int nf_flow_table_hw_register(const struct nf_flow_table_hw *offload); + void nf_flow_table_hw_unregister(const struct nf_flow_table_hw *offload); + ++void nf_flow_table_acct(struct flow_offload *flow, struct sk_buff *skb, int dir); ++ + extern struct work_struct nf_flow_offload_hw_work; + + #define MODULE_ALIAS_NF_FLOWTABLE(family) \ +--- a/net/netfilter/nf_flow_table_core.c ++++ b/net/netfilter/nf_flow_table_core.c +@@ -11,6 +11,7 @@ + #include <net/netfilter/nf_conntrack.h> + #include <net/netfilter/nf_conntrack_core.h> + #include <net/netfilter/nf_conntrack_tuple.h> ++#include <net/netfilter/nf_conntrack_acct.h> + + struct flow_offload_entry { + struct flow_offload flow; +@@ -151,6 +152,22 @@ void flow_offload_free(struct flow_offlo + } + EXPORT_SYMBOL_GPL(flow_offload_free); + ++void nf_flow_table_acct(struct flow_offload *flow, struct sk_buff *skb, int dir) ++{ ++ struct flow_offload_entry *entry; ++ struct nf_conn_acct *acct; ++ ++ entry = container_of(flow, struct flow_offload_entry, flow); ++ acct = nf_conn_acct_find(entry->ct); ++ if (acct) { ++ struct nf_conn_counter *counter = acct->counter; ++ ++ atomic64_inc(&counter[dir].packets); ++ atomic64_add(skb->len, &counter[dir].bytes); ++ } ++} ++EXPORT_SYMBOL_GPL(nf_flow_table_acct); ++ + static u32 flow_offload_hash(const void *data, u32 len, u32 seed) + { + const struct flow_offload_tuple *tuple = data; +--- a/net/netfilter/nf_flow_table_ip.c ++++ b/net/netfilter/nf_flow_table_ip.c +@@ -11,6 +11,7 @@ + #include <net/ip6_route.h> + #include <net/neighbour.h> + #include <net/netfilter/nf_flow_table.h> ++ + /* For layer 4 checksum field offset. */ + #include <linux/tcp.h> + #include <linux/udp.h> +@@ -265,6 +266,7 @@ nf_flow_offload_ip_hook(void *priv, stru + skb->dev = outdev; + nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr); + skb_dst_set_noref(skb, &rt->dst); ++ nf_flow_table_acct(flow, skb, dir); + neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb); + + return NF_STOLEN; +@@ -482,6 +484,7 @@ nf_flow_offload_ipv6_hook(void *priv, st + skb->dev = outdev; + nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6); + skb_dst_set_noref(skb, &rt->dst); ++ nf_flow_table_acct(flow, skb, dir); + neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb); + + return NF_STOLEN; |