Patchwork [2/4] libnetfilter-acct: Introduce support for notifications

Submitter valentina.giusti@bmw-carit.de
Date Sept. 4, 2013, 12:05 p.m.
Message ID <1378296333-19208-3-git-send-email-valentina.giusti@bmw-carit.de>
Permalink /patch/272583/
State Not Applicable

Comments

valentina.giusti@bmw-carit.de - Sept. 4, 2013, 12:05 p.m.
From: Valentina Giusti <valentina.giusti@bmw-carit.de>

Introduce support for notifications. Intervals can be configured as bytes
and packets or as time periods. When the intervals are configured in both
ways, it's also possible to specify a limit for the amount of
notifications based on accounted packets or bytes during a single period.

Signed-off-by: Valentina Giusti <valentina.giusti@bmw-carit.de>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: "David S. Miller" <davem@davemloft.net>
---
 include/libnetfilter_acct/libnetfilter_acct.h |    5 +++
 include/linux/netfilter/nfnetlink_acct.h      |    6 ++++
 src/libnetfilter_acct.c                       |   45 +++++++++++++++++++++++++
 3 files changed, 56 insertions(+)
Pablo Neira - Sept. 4, 2013, 12:44 p.m.
On Wed, Sep 04, 2013 at 02:05:31PM +0200, valentina.giusti@bmw-carit.de wrote:
> From: Valentina Giusti <valentina.giusti@bmw-carit.de>
> 
> Introduce support for notifications. Intervals can be configured as bytes
> and packets or as time periods. When the intervals are configured in both
> ways, it's also possible to specify a limit for the amount of
> notifications based on accounted packets or bytes during a single period.
> 
> Signed-off-by: Valentina Giusti <valentina.giusti@bmw-carit.de>
> Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> Cc: Patrick McHardy <kaber@trash.net>
> Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
> Cc: "David S. Miller" <davem@davemloft.net>
> ---
>  include/libnetfilter_acct/libnetfilter_acct.h |    5 +++
>  include/linux/netfilter/nfnetlink_acct.h      |    6 ++++
>  src/libnetfilter_acct.c                       |   45 +++++++++++++++++++++++++
>  3 files changed, 56 insertions(+)
> 
> diff --git a/include/libnetfilter_acct/libnetfilter_acct.h b/include/libnetfilter_acct/libnetfilter_acct.h
> index b00e366..b0a5bf6 100644
> --- a/include/libnetfilter_acct/libnetfilter_acct.h
> +++ b/include/libnetfilter_acct/libnetfilter_acct.h
> @@ -14,6 +14,11 @@ enum nfacct_attr_type {
>  	NFACCT_ATTR_NAME = 0,
>  	NFACCT_ATTR_PKTS,
>  	NFACCT_ATTR_BYTES,
> +	NFACCT_ATTR_NOTIFY_PKTS,
> +	NFACCT_ATTR_NOTIFY_P_RL, /* packets notification rate limit */
> +	NFACCT_ATTR_NOTIFY_BYTES,
> +	NFACCT_ATTR_NOTIFY_B_RL, /* bytes notification rate limit */
> +	NFACCT_ATTR_NOTIFY_PERIOD,
>  };
>  
>  struct nfacct *nfacct_alloc(void);
> diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h
> index c7b6269..8125e57 100644
> --- a/include/linux/netfilter/nfnetlink_acct.h
> +++ b/include/linux/netfilter/nfnetlink_acct.h
> @@ -10,6 +10,7 @@ enum nfnl_acct_msg_types {
>  	NFNL_MSG_ACCT_GET,
>  	NFNL_MSG_ACCT_GET_CTRZERO,
>  	NFNL_MSG_ACCT_DEL,
> +	NFNL_MSG_ACCT_NOTIFY,
>  	NFNL_MSG_ACCT_MAX
>  };
>  
> @@ -19,6 +20,11 @@ enum nfnl_acct_type {
>  	NFACCT_PKTS,
>  	NFACCT_BYTES,
>  	NFACCT_USE,
> +	NFACCT_NOTIFY_PKTS,
> +	NFACCT_NOTIFY_P_RL,	/* packets notification rate limit */
> +	NFACCT_NOTIFY_BYTES,
> +	NFACCT_NOTIFY_B_RL,	/* bytes notification rate limit */
> +	NFACCT_NOTIFY_PERIOD,
>  	__NFACCT_MAX
>  };
>  #define NFACCT_MAX (__NFACCT_MAX - 1)
> diff --git a/src/libnetfilter_acct.c b/src/libnetfilter_acct.c
> index ba89e2d..4fb0d26 100644
> --- a/src/libnetfilter_acct.c
> +++ b/src/libnetfilter_acct.c
> @@ -60,6 +60,11 @@ struct nfacct {
>  	char		name[NFACCT_NAME_MAX];
>  	uint64_t	pkts;
>  	uint64_t	bytes;
> +	uint32_t	notify_pkts;
> +	uint32_t	notify_pkts_rl;
> +	uint32_t	notify_bytes;
> +	uint32_t	notify_bytes_rl;
> +	uint32_t	notify_period;

This is bloating the nfacct object for everyone in the earth not using
this notification infrastructure.
Valentina Giusti - Sept. 5, 2013, 8:04 a.m.
Hi Pablo,

On 09/04/2013 02:44 PM, Pablo Neira Ayuso wrote:
> On Wed, Sep 04, 2013 at 02:05:31PM +0200,valentina.giusti@bmw-carit.de  wrote:

<snip>

>>   #define NFACCT_MAX (__NFACCT_MAX - 1)
>> diff --git a/src/libnetfilter_acct.c b/src/libnetfilter_acct.c
>> index ba89e2d..4fb0d26 100644
>> --- a/src/libnetfilter_acct.c
>> +++ b/src/libnetfilter_acct.c
>> @@ -60,6 +60,11 @@ struct nfacct {
>>   	char		name[NFACCT_NAME_MAX];
>>   	uint64_t	pkts;
>>   	uint64_t	bytes;
>> +	uint32_t	notify_pkts;
>> +	uint32_t	notify_pkts_rl;
>> +	uint32_t	notify_bytes;
>> +	uint32_t	notify_bytes_rl;
>> +	uint32_t	notify_period;
> This is bloating the nfacct object for everyone in the earth not using
> this notification infrastructure.

Right... I'll replace this with a pointer to another structure. Do you 
suggest that I also #ifdef everything?

Thank you.

-V.

Patch

diff --git a/include/libnetfilter_acct/libnetfilter_acct.h b/include/libnetfilter_acct/libnetfilter_acct.h
index b00e366..b0a5bf6 100644
--- a/include/libnetfilter_acct/libnetfilter_acct.h
+++ b/include/libnetfilter_acct/libnetfilter_acct.h
@@ -14,6 +14,11 @@  enum nfacct_attr_type {
 	NFACCT_ATTR_NAME = 0,
 	NFACCT_ATTR_PKTS,
 	NFACCT_ATTR_BYTES,
+	NFACCT_ATTR_NOTIFY_PKTS,
+	NFACCT_ATTR_NOTIFY_P_RL, /* packets notification rate limit */
+	NFACCT_ATTR_NOTIFY_BYTES,
+	NFACCT_ATTR_NOTIFY_B_RL, /* bytes notification rate limit */
+	NFACCT_ATTR_NOTIFY_PERIOD,
 };
 
 struct nfacct *nfacct_alloc(void);
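Review bot: The new public attributes carry no statement of unit or width: only the two rate-limit entries have a comment, and NFACCT_ATTR_NOTIFY_PERIOD does not say what time unit it is expressed in. Callers pass these through an untyped pointer, so the header is the only place they can learn what to supply. Each entry should get a short comment in the style of `NFACCT_ATTR_NOTIFY_PERIOD, /* uint32_t, notification period in <unit> */`, with the unit filled in from the kernel side of the series. The enum opens before this hunk.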
diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h
index c7b6269..8125e57 100644
--- a/include/linux/netfilter/nfnetlink_acct.h
+++ b/include/linux/netfilter/nfnetlink_acct.h
@@ -10,6 +10,7 @@  enum nfnl_acct_msg_types {
 	NFNL_MSG_ACCT_GET,
 	NFNL_MSG_ACCT_GET_CTRZERO,
 	NFNL_MSG_ACCT_DEL,
+	NFNL_MSG_ACCT_NOTIFY,
 	NFNL_MSG_ACCT_MAX
 };
 
@@ -19,6 +20,11 @@  enum nfnl_acct_type {
 	NFACCT_PKTS,
 	NFACCT_BYTES,
 	NFACCT_USE,
+	NFACCT_NOTIFY_PKTS,
+	NFACCT_NOTIFY_P_RL,	/* packets notification rate limit */
+	NFACCT_NOTIFY_BYTES,
+	NFACCT_NOTIFY_B_RL,	/* bytes notification rate limit */
+	NFACCT_NOTIFY_PERIOD,
 	__NFACCT_MAX
 };
 #define NFACCT_MAX (__NFACCT_MAX - 1)
diff --git a/src/libnetfilter_acct.c b/src/libnetfilter_acct.c
index ba89e2d..4fb0d26 100644
--- a/src/libnetfilter_acct.c
+++ b/src/libnetfilter_acct.c
@@ -60,6 +60,11 @@  struct nfacct {
 	char		name[NFACCT_NAME_MAX];
 	uint64_t	pkts;
 	uint64_t	bytes;
+	uint32_t	notify_pkts;
+	uint32_t	notify_pkts_rl;
+	uint32_t	notify_bytes;
+	uint32_t	notify_bytes_rl;
+	uint32_t	notify_period;
 	uint32_t	bitset;
 };
 
@@ -114,6 +119,26 @@  nfacct_attr_set(struct nfacct *nfacct, enum nfacct_attr_type type,
 		nfacct->bytes = *((uint64_t *) data);
 		nfacct->bitset |= (1 << NFACCT_ATTR_BYTES);
 		break;
+	case NFACCT_ATTR_NOTIFY_PKTS:
+		nfacct->notify_pkts = *((uint32_t *) data);
+		nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_PKTS);
+		break;
+	case NFACCT_ATTR_NOTIFY_P_RL:
+		nfacct->notify_pkts_rl = *((uint32_t *) data);
+		nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_P_RL);
+		break;
+	case NFACCT_ATTR_NOTIFY_BYTES:
+		nfacct->notify_bytes = *((uint32_t *) data);
+		nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_BYTES);
+		break;
+	case NFACCT_ATTR_NOTIFY_B_RL:
+		nfacct->notify_bytes_rl = *((uint32_t *) data);
+		nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_B_RL);
+		break;
+	case NFACCT_ATTR_NOTIFY_PERIOD:
+		nfacct->notify_period = *((uint32_t *) data);
+		nfacct->bitset |= (1 << NFACCT_ATTR_NOTIFY_PERIOD);
+		break;
 	}
 }
 EXPORT_SYMBOL(nfacct_attr_set);
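Review bot: The five new cases in nfacct_attr_set read `data` through a `uint32_t *` cast, while the neighbouring NFACCT_ATTR_BYTES case reads a `uint64_t`. A caller who passes the address of a 64-bit threshold for NFACCT_ATTR_NOTIFY_BYTES therefore gets only four of its bytes, and which four depends on host byte order. Nothing catches this at compile time because the parameter is untyped, so the expected width should be stated in the function's doc comment; a byte threshold capped at 32 bits beside a 64-bit byte counter also deserves a second look. The 45 lines the diffstat reports for this file are fully accounted for by the struct fields, this switch and the payload builder, so nfacct_attr_get appears not to be extended and the new values would be write-only; this is inferred, since the getter is outside the visible hunks. The function begins before this hunk.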
@@ -424,6 +449,26 @@  void nfacct_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfacct *nfacct)
 
 	if (nfacct->bitset & (1 << NFACCT_ATTR_BYTES))
 		mnl_attr_put_u64(nlh, NFACCT_BYTES, htobe64(nfacct->bytes));
+
+	if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_PKTS))
+		mnl_attr_put_u32(nlh, NFACCT_NOTIFY_PKTS,
+				 htobe32(nfacct->notify_pkts));
+
+	if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_P_RL))
+		mnl_attr_put_u32(nlh, NFACCT_NOTIFY_P_RL,
+				 htobe32(nfacct->notify_pkts_rl));
+
+	if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_BYTES))
+		mnl_attr_put_u32(nlh, NFACCT_NOTIFY_BYTES,
+				 htobe32(nfacct->notify_bytes));
+
+	if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_B_RL))
+		mnl_attr_put_u32(nlh, NFACCT_NOTIFY_B_RL,
+				 htobe32(nfacct->notify_bytes_rl));
+
+	if (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_PERIOD))
+		mnl_attr_put_u32(nlh, NFACCT_NOTIFY_PERIOD,
+				 htobe32(nfacct->notify_period));
 }
 EXPORT_SYMBOL(nfacct_nlmsg_build_payload);
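Review bot: Each NFACCT_NOTIFY_* attribute is emitted whenever its own bit is set, so nfacct_nlmsg_build_payload can send a rate limit (`NFACCT_NOTIFY_P_RL` or `NFACCT_NOTIFY_B_RL`) without a period, although the commit description says the limit only applies when both kinds of interval are configured. The library then relies entirely on the kernel to reject inconsistent requests. Either document that precondition on the function, or gate the rate-limit attributes on the period bit as well, e.g. `if ((nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_P_RL)) && (nfacct->bitset & (1 << NFACCT_ATTR_NOTIFY_PERIOD)))`. The receive path (nfacct_nlmsg_parse_payload) is not touched by any visible hunk, so the new attributes are probably not decoded from incoming messages; this is inferred from the diffstat. The function starts before this hunk.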