@@ -18,6 +18,8 @@ enum nfnl_acct_type {
NFACCT_NAME,
NFACCT_PKTS,
NFACCT_BYTES,
+ NFACCT_BTHR,
+ NFACCT_FMT,
NFACCT_USE,
__NFACCT_MAX
};
@@ -32,6 +32,8 @@ static LIST_HEAD(nfnl_acct_list);
struct nf_acct {
atomic64_t pkts;
atomic64_t bytes;
+ u64 bthr;
+ u32 fmt;
struct list_head head;
atomic_t refcnt;
char name[NFACCT_NAME_MAX];
@@ -67,9 +69,39 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
if (matching) {
if (nlh->nlmsg_flags & NLM_F_REPLACE) {
- /* reset counters if you request a replacement. */
- atomic64_set(&matching->pkts, 0);
- atomic64_set(&matching->bytes, 0);
+ /* (re)set counters if you request a replacement */
+ if (tb[NFACCT_PKTS] && tb[NFACCT_BYTES]) {
+ atomic64_set(&matching->pkts,
+ be64_to_cpu(nla_get_be64(tb[NFACCT_PKTS])));
+ atomic64_set(&matching->bytes,
+ be64_to_cpu(nla_get_be64(tb[NFACCT_BYTES])));
+ } else {
+ /*
+ * Prevent resetting the packet & byte counters
+ * if either fmt or bthr are specified.
+ *
+ * This is done for backward compatibility,
+ * otherwise resetting these counters should
+ * only be allowed when tb[NFACCT_PKTS] and
+ * tb[NFACCT_BYTES] are explicitly specified
+ * and == 0.
+ *
+ */
+ if (!tb[NFACCT_FMT] && !tb[NFACCT_BTHR]) {
+ atomic64_set(&matching->pkts, 0);
+ atomic64_set(&matching->bytes, 0);
+ }
+ }
+ /* ...and change the format... */
+ if (tb[NFACCT_FMT]) {
+ matching->fmt =
+ be32_to_cpu(nla_get_be32(tb[NFACCT_FMT]));
+ }
+ /* ... as well as the bytes threshold */
+ if (tb[NFACCT_BTHR]) {
+ matching->bthr =
+ be64_to_cpu(nla_get_be64(tb[NFACCT_BTHR]));
+ }
return 0;
}
return -EBUSY;
@@ -89,6 +121,13 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
atomic64_set(&nfacct->pkts,
be64_to_cpu(nla_get_be64(tb[NFACCT_PKTS])));
}
+
+ if (tb[NFACCT_FMT])
+ nfacct->fmt = be32_to_cpu(nla_get_be32(tb[NFACCT_FMT]));
+
+ if (tb[NFACCT_BTHR])
+ nfacct->bthr = be64_to_cpu(nla_get_be64(tb[NFACCT_BTHR]));
+
atomic_set(&nfacct->refcnt, 1);
list_add_tail_rcu(&nfacct->head, &nfnl_acct_list);
return 0;
@@ -125,6 +164,8 @@ nfnl_acct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
}
if (nla_put_be64(skb, NFACCT_PKTS, cpu_to_be64(pkts)) ||
nla_put_be64(skb, NFACCT_BYTES, cpu_to_be64(bytes)) ||
+ nla_put_be64(skb, NFACCT_BTHR, cpu_to_be64(acct->bthr)) ||
+ nla_put_be32(skb, NFACCT_FMT, htonl(acct->fmt)) ||
nla_put_be32(skb, NFACCT_USE, htonl(atomic_read(&acct->refcnt))))
goto nla_put_failure;
@@ -269,6 +310,8 @@ static const struct nla_policy nfnl_acct_policy[NFACCT_MAX+1] = {
[NFACCT_NAME] = { .type = NLA_NUL_STRING, .len = NFACCT_NAME_MAX-1 },
[NFACCT_BYTES] = { .type = NLA_U64 },
[NFACCT_PKTS] = { .type = NLA_U64 },
+ [NFACCT_BTHR] = { .type = NLA_U64 },
+ [NFACCT_FMT] = { .type = NLA_U32 },
};
static const struct nfnl_callback nfnl_acct_cb[NFNL_MSG_ACCT_MAX] = {
* fmt and bthr (format and bytes threshold) properties have been added to the nfacct object. * ability to change all nfacct object properties (with the exception of name) has been added. Signed-off-by: Michael Zintakis <michael.zintakis@googlemail.com> --- include/uapi/linux/netfilter/nfnetlink_acct.h | 2 + net/netfilter/nfnetlink_acct.c | 49 +++++++++++++++++++++++-- 2 files changed, 48 insertions(+), 3 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html