aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Crispin <john@phrozen.org>2018-08-13 17:00:14 +0200
committerJohn Crispin <john@phrozen.org>2018-08-28 11:30:39 +0200
commit1d4d156a7ce67988f922c470f622f6dd2a5c161b (patch)
tree9af4704c330e228eafe796d23ed2d31416ad069a
parent7af1fb9faafbc842fc727c49108f5fc4edc08601 (diff)
downloadupstream-1d4d156a7ce67988f922c470f622f6dd2a5c161b.tar.gz
upstream-1d4d156a7ce67988f922c470f622f6dd2a5c161b.tar.bz2
upstream-1d4d156a7ce67988f922c470f622f6dd2a5c161b.zip
generic: add flow_offload accounting
This patch makes the flow offloading layer account for the traffic inside the conntack entries. Signed-off-by: John Crispin <john@phrozen.org>
-rw-r--r--target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch70
1 files changed, 70 insertions, 0 deletions
diff --git a/target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch b/target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch
new file mode 100644
index 0000000000..290570fe9f
--- /dev/null
+++ b/target/linux/generic/hack-4.14/647-netfilter-flow-acct.patch
@@ -0,0 +1,70 @@
+--- a/include/net/netfilter/nf_flow_table.h
++++ b/include/net/netfilter/nf_flow_table.h
+@@ -164,6 +164,8 @@ struct nf_flow_table_hw {
+ int nf_flow_table_hw_register(const struct nf_flow_table_hw *offload);
+ void nf_flow_table_hw_unregister(const struct nf_flow_table_hw *offload);
+
++void nf_flow_table_acct(struct flow_offload *flow, struct sk_buff *skb, int dir);
++
+ extern struct work_struct nf_flow_offload_hw_work;
+
+ #define MODULE_ALIAS_NF_FLOWTABLE(family) \
+--- a/net/netfilter/nf_flow_table_core.c
++++ b/net/netfilter/nf_flow_table_core.c
+@@ -11,6 +11,7 @@
+ #include <net/netfilter/nf_conntrack.h>
+ #include <net/netfilter/nf_conntrack_core.h>
+ #include <net/netfilter/nf_conntrack_tuple.h>
++#include <net/netfilter/nf_conntrack_acct.h>
+
+ struct flow_offload_entry {
+ struct flow_offload flow;
+@@ -151,6 +152,22 @@ void flow_offload_free(struct flow_offlo
+ }
+ EXPORT_SYMBOL_GPL(flow_offload_free);
+
++void nf_flow_table_acct(struct flow_offload *flow, struct sk_buff *skb, int dir)
++{
++ struct flow_offload_entry *entry;
++ struct nf_conn_acct *acct;
++
++ entry = container_of(flow, struct flow_offload_entry, flow);
++ acct = nf_conn_acct_find(entry->ct);
++ if (acct) {
++ struct nf_conn_counter *counter = acct->counter;
++
++ atomic64_inc(&counter[dir].packets);
++ atomic64_add(skb->len, &counter[dir].bytes);
++ }
++}
++EXPORT_SYMBOL_GPL(nf_flow_table_acct);
++
+ static u32 flow_offload_hash(const void *data, u32 len, u32 seed)
+ {
+ const struct flow_offload_tuple *tuple = data;
+--- a/net/netfilter/nf_flow_table_ip.c
++++ b/net/netfilter/nf_flow_table_ip.c
+@@ -11,6 +11,7 @@
+ #include <net/ip6_route.h>
+ #include <net/neighbour.h>
+ #include <net/netfilter/nf_flow_table.h>
++
+ /* For layer 4 checksum field offset. */
+ #include <linux/tcp.h>
+ #include <linux/udp.h>
+@@ -265,6 +266,7 @@ nf_flow_offload_ip_hook(void *priv, stru
+ skb->dev = outdev;
+ nexthop = rt_nexthop(rt, flow->tuplehash[!dir].tuple.src_v4.s_addr);
+ skb_dst_set_noref(skb, &rt->dst);
++ nf_flow_table_acct(flow, skb, dir);
+ neigh_xmit(NEIGH_ARP_TABLE, outdev, &nexthop, skb);
+
+ return NF_STOLEN;
+@@ -482,6 +484,7 @@ nf_flow_offload_ipv6_hook(void *priv, st
+ skb->dev = outdev;
+ nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
+ skb_dst_set_noref(skb, &rt->dst);
++ nf_flow_table_acct(flow, skb, dir);
+ neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
+
+ return NF_STOLEN;