Message ID | 1378296333-19208-3-git-send-email-valentina.giusti@bmw-carit.de |
---|---|
State | Not Applicable |
Headers | show |
On Wed, Sep 04, 2013 at 02:05:31PM +0200, valentina.giusti@bmw-carit.de wrote: > From: Valentina Giusti <valentina.giusti@bmw-carit.de> > > Introduce support for notifications. Intervals can be configured as bytes > and packets or as time periods. When the intervals are configured in both > ways, it's also possible to specify a limit for the amount of > notifications based on accounted packets or bytes during a single period. > > Signed-off-by: Valentina Giusti <valentina.giusti@bmw-carit.de> > Cc: Pablo Neira Ayuso <pablo@netfilter.org> > Cc: Patrick McHardy <kaber@trash.net> > Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> > Cc: "David S. Miller" <davem@davemloft.net> > --- > include/libnetfilter_acct/libnetfilter_acct.h | 5 +++ > include/linux/netfilter/nfnetlink_acct.h | 6 ++++ > src/libnetfilter_acct.c | 45 +++++++++++++++++++++++++ > 3 files changed, 56 insertions(+) > > diff --git a/include/libnetfilter_acct/libnetfilter_acct.h b/include/libnetfilter_acct/libnetfilter_acct.h > index b00e366..b0a5bf6 100644 > --- a/include/libnetfilter_acct/libnetfilter_acct.h > +++ b/include/libnetfilter_acct/libnetfilter_acct.h > @@ -14,6 +14,11 @@ enum nfacct_attr_type { > NFACCT_ATTR_NAME = 0, > NFACCT_ATTR_PKTS, > NFACCT_ATTR_BYTES, > + NFACCT_ATTR_NOTIFY_PKTS, > + NFACCT_ATTR_NOTIFY_P_RL, /* packets notification rate limit */ > + NFACCT_ATTR_NOTIFY_BYTES, > + NFACCT_ATTR_NOTIFY_B_RL, /* bytes notification rate limit */ > + NFACCT_ATTR_NOTIFY_PERIOD, > }; > > struct nfacct *nfacct_alloc(void); > diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h > index c7b6269..8125e57 100644 > --- a/include/linux/netfilter/nfnetlink_acct.h > +++ b/include/linux/netfilter/nfnetlink_acct.h > @@ -10,6 +10,7 @@ enum nfnl_acct_msg_types { > NFNL_MSG_ACCT_GET, > NFNL_MSG_ACCT_GET_CTRZERO, > NFNL_MSG_ACCT_DEL, > + NFNL_MSG_ACCT_NOTIFY, > NFNL_MSG_ACCT_MAX > }; > > @@ -19,6 +20,11 @@ enum nfnl_acct_type { > NFACCT_PKTS, > NFACCT_BYTES, > NFACCT_USE, > + NFACCT_NOTIFY_PKTS, > + NFACCT_NOTIFY_P_RL, /* packets notification rate limit */ > + NFACCT_NOTIFY_BYTES, > + NFACCT_NOTIFY_B_RL, /* bytes notification rate limit */ > + NFACCT_NOTIFY_PERIOD, > __NFACCT_MAX > }; > #define NFACCT_MAX (__NFACCT_MAX - 1) > diff --git a/src/libnetfilter_acct.c b/src/libnetfilter_acct.c > index ba89e2d..4fb0d26 100644 > --- a/src/libnetfilter_acct.c > +++ b/src/libnetfilter_acct.c > @@ -60,6 +60,11 @@ struct nfacct { > char name[NFACCT_NAME_MAX]; > uint64_t pkts; > uint64_t bytes; > + uint32_t notify_pkts; > + uint32_t notify_pkts_rl; > + uint32_t notify_bytes; > + uint32_t notify_bytes_rl; > + uint32_t notify_period; This is bloating the nfacct object for everyone in the earth not using this notification infrastructure. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Pablo, On 09/04/2013 02:44 PM, Pablo Neira Ayuso wrote: > On Wed, Sep 04, 2013 at 02:05:31PM +0200,valentina.giusti@bmw-carit.de wrote: <snip> >> #define NFACCT_MAX (__NFACCT_MAX - 1) >> diff --git a/src/libnetfilter_acct.c b/src/libnetfilter_acct.c >> index ba89e2d..4fb0d26 100644 >> --- a/src/libnetfilter_acct.c >> +++ b/src/libnetfilter_acct.c >> @@ -60,6 +60,11 @@ struct nfacct { >> char name[NFACCT_NAME_MAX]; >> uint64_t pkts; >> uint64_t bytes; >> + uint32_t notify_pkts; >> + uint32_t notify_pkts_rl; >> + uint32_t notify_bytes; >> + uint32_t notify_bytes_rl; >> + uint32_t notify_period; > This is bloating the nfacct object for everyone in the earth not using > this notification infrastructure. Right... I'll replace this with a pointer to another structure. Do you suggest that I also #ifdef everything? Thank you. -V. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/libnetfilter_acct/libnetfilter_acct.h b/include/libnetfilter_acct/libnetfilter_acct.h index b00e366..b0a5bf6 100644 --- a/include/libnetfilter_acct/libnetfilter_acct.h +++ b/include/libnetfilter_acct/libnetfilter_acct.h @@ -14,6 +14,11 @@ enum nfacct_attr_type { NFACCT_ATTR_NAME = 0, NFACCT_ATTR_PKTS, NFACCT_ATTR_BYTES, + NFACCT_ATTR_NOTIFY_PKTS, + NFACCT_ATTR_NOTIFY_P_RL, /* packets notification rate limit */ + NFACCT_ATTR_NOTIFY_BYTES, + NFACCT_ATTR_NOTIFY_B_RL, /* bytes notification rate limit */ + NFACCT_ATTR_NOTIFY_PERIOD, }; struct nfacct *nfacct_alloc(void); diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h index c7b6269..8125e57 100644 --- a/include/linux/netfilter/nfnetlink_acct.h +++ b/include/linux/netfilter/nfnetlink_acct.h @@ -10,6 +10,7 @@ enum nfnl_acct_msg_types { NFNL_MSG_ACCT_GET, NFNL_MSG_ACCT_GET_CTRZERO, NFNL_MSG_ACCT_DEL, + NFNL_MSG_ACCT_NOTIFY, NFNL_MSG_ACCT_MAX }; @@ -19,6 +20,11 @@ enum nfnl_acct_type { NFACCT_PKTS, NFACCT_BYTES, NFACCT_USE, + NFACCT_NOTIFY_PKTS, + NFACCT_NOTIFY_P_RL, /* packets notification rate limit */ + NFACCT_NOTIFY_BYTES, + NFACCT_NOTIFY_B_RL, /* bytes notification rate limit */ + NFACCT_NOTIFY_PERIOD, __NFACCT_MAX }; #define NFACCT_MAX (__NFACCT_MAX - 1) diff --git a/src/libnetfilter_acct.c b/src/libnetfilter_acct.c index ba89e2d..4fb0d26 100644 --- a/src/libnetfilter_acct.c +++ b/src/libnetfilter_acct.c @@ -60,6 +60,11 @@ struct nfacct { char name[NFACCT_NAME_MAX]; uint64_t pkts; uint64_t bytes; + uint32_t notify_pkts; + uint32_t notify_pkts_rl; + uint32_t notify_bytes; + uint32_t notify_bytes_rl; + uint32_t notify_period; uint32_t bitset; }; @@ -114,6 +119,26 @@ nfacct_attr_set(struct nfacct *nfacct, enum nfacct_attr_type type, nfacct->bytes = *((uint64_t *) data); nfacct->bitset |= (1 << NFACCT_ATTR_BYTES); break; + case NFACCT_ATTR_NOTIFY_PKTS: + nfacct->notify_pkts = *((uint32_t *) data); + nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_PKTS); + break; + case NFACCT_ATTR_NOTIFY_P_RL: + nfacct->notify_pkts_rl = *((uint32_t *) data); + nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_P_RL); + break; + case NFACCT_ATTR_NOTIFY_BYTES: + nfacct->notify_bytes = *((uint32_t *) data); + nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_BYTES); + break; + case NFACCT_ATTR_NOTIFY_B_RL: + nfacct->notify_bytes_rl = *((uint32_t *) data); + nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_B_RL); + break; + case NFACCT_ATTR_NOTIFY_PERIOD: + nfacct->notify_period = *((uint32_t *) data); + nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_PERIOD); + break; } } EXPORT_SYMBOL(nfacct_attr_set); @@ -424,6 +449,26 @@ void nfacct_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfacct *nfacct) if (nfacct->bitset & (1 << NFACCT_ATTR_BYTES)) mnl_attr_put_u64(nlh, NFACCT_BYTES, htobe64(nfacct->bytes)); + + if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_PKTS)) + mnl_attr_put_u32(nlh, NFACCT_NOTIFY_PKTS, + htobe32(nfacct->notify_pkts)); + + if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_P_RL)) + mnl_attr_put_u32(nlh, NFACCT_NOTIFY_P_RL, + htobe32(nfacct->notify_pkts_rl)); + + if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_BYTES)) + mnl_attr_put_u32(nlh, NFACCT_NOTIFY_BYTES, + htobe32(nfacct->notify_bytes)); + + if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_B_RL)) + mnl_attr_put_u32(nlh, NFACCT_NOTIFY_B_RL, + htobe32(nfacct->notify_bytes_rl)); + + if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_PERIOD)) + mnl_attr_put_u32(nlh, NFACCT_NOTIFY_PERIOD, + htobe32(nfacct->notify_period)); } EXPORT_SYMBOL(nfacct_nlmsg_build_payload);