2007-07-08 07:23:21 +02:00
|
|
|
#ifndef _NF_CONNTRACK_EXTEND_H
|
|
|
|
#define _NF_CONNTRACK_EXTEND_H
|
|
|
|
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 09:04:11 +01:00
|
|
|
#include <linux/slab.h>
|
|
|
|
|
2007-07-08 07:23:21 +02:00
|
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
|
|
|
2009-11-03 04:26:03 +01:00
|
|
|
enum nf_ct_ext_id {
|
2007-07-08 07:23:42 +02:00
|
|
|
NF_CT_EXT_HELPER,
|
2010-11-15 12:23:24 +01:00
|
|
|
#if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE)
|
2007-07-08 07:24:28 +02:00
|
|
|
NF_CT_EXT_NAT,
|
2010-11-15 12:23:24 +01:00
|
|
|
#endif
|
netfilter: accounting rework: ct_extend + 64bit counters (v4)
Initially netfilter has had 64bit counters for conntrack-based accounting, but
it was changed in 2.6.14 to save memory. Unfortunately in-kernel 64bit counters are
still required, for example for "connbytes" extension. However, 64bit counters
waste a lot of memory and it was not possible to enable/disable it runtime.
This patch:
- reimplements accounting with respect to the extension infrastructure,
- makes one global version of seq_print_acct() instead of two seq_print_counters(),
- makes it possible to enable it at boot time (for CONFIG_SYSCTL/CONFIG_SYSFS=n),
- makes it possible to enable/disable it at runtime by sysctl or sysfs,
- extends counters from 32bit to 64bit,
- renames ip_conntrack_counter -> nf_conn_counter,
- enables accounting code unconditionally (no longer depends on CONFIG_NF_CT_ACCT),
- set initial accounting enable state based on CONFIG_NF_CT_ACCT
- removes buggy IPCT_COUNTER_FILLING event handling.
If accounting is enabled newly created connections get additional acct extend.
Old connections are not changed as it is not possible to add a ct_extend area
to confirmed conntrack. Accounting is performed for all connections with
acct extend regardless of a current state of "net.netfilter.nf_conntrack_acct".
Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-07-21 19:01:34 +02:00
|
|
|
NF_CT_EXT_ACCT,
|
2010-11-15 12:23:24 +01:00
|
|
|
#ifdef CONFIG_NF_CONNTRACK_EVENTS
|
2009-06-13 12:26:29 +02:00
|
|
|
NF_CT_EXT_ECACHE,
|
2010-11-15 12:23:24 +01:00
|
|
|
#endif
|
|
|
|
#ifdef CONFIG_NF_CONNTRACK_ZONES
|
2010-02-15 18:13:33 +01:00
|
|
|
NF_CT_EXT_ZONE,
|
2011-01-19 16:00:07 +01:00
|
|
|
#endif
|
|
|
|
#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
|
|
|
|
NF_CT_EXT_TSTAMP,
|
2010-11-15 12:23:24 +01:00
|
|
|
#endif
|
2007-07-08 07:23:21 +02:00
|
|
|
NF_CT_EXT_NUM,
|
|
|
|
};
|
|
|
|
|
2007-07-08 07:23:42 +02:00
|
|
|
#define NF_CT_EXT_HELPER_TYPE struct nf_conn_help
|
2007-07-08 07:24:28 +02:00
|
|
|
#define NF_CT_EXT_NAT_TYPE struct nf_conn_nat
|
netfilter: accounting rework: ct_extend + 64bit counters (v4)
Initially netfilter has had 64bit counters for conntrack-based accounting, but
it was changed in 2.6.14 to save memory. Unfortunately in-kernel 64bit counters are
still required, for example for "connbytes" extension. However, 64bit counters
waste a lot of memory and it was not possible to enable/disable it runtime.
This patch:
- reimplements accounting with respect to the extension infrastructure,
- makes one global version of seq_print_acct() instead of two seq_print_counters(),
- makes it possible to enable it at boot time (for CONFIG_SYSCTL/CONFIG_SYSFS=n),
- makes it possible to enable/disable it at runtime by sysctl or sysfs,
- extends counters from 32bit to 64bit,
- renames ip_conntrack_counter -> nf_conn_counter,
- enables accounting code unconditionally (no longer depends on CONFIG_NF_CT_ACCT),
- set initial accounting enable state based on CONFIG_NF_CT_ACCT
- removes buggy IPCT_COUNTER_FILLING event handling.
If accounting is enabled newly created connections get additional acct extend.
Old connections are not changed as it is not possible to add a ct_extend area
to confirmed conntrack. Accounting is performed for all connections with
acct extend regardless of a current state of "net.netfilter.nf_conntrack_acct".
Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-07-21 19:01:34 +02:00
|
|
|
#define NF_CT_EXT_ACCT_TYPE struct nf_conn_counter
|
2009-06-13 12:26:29 +02:00
|
|
|
#define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache
|
2010-02-15 18:13:33 +01:00
|
|
|
#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone
|
2011-01-19 16:00:07 +01:00
|
|
|
#define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp
|
2007-07-08 07:23:42 +02:00
|
|
|
|
2007-07-08 07:23:21 +02:00
|
|
|
/* Extensions: optional stuff which isn't permanently in struct. */
|
|
|
|
struct nf_ct_ext {
|
2008-06-18 00:51:47 +02:00
|
|
|
struct rcu_head rcu;
|
2007-07-08 07:23:21 +02:00
|
|
|
u8 offset[NF_CT_EXT_NUM];
|
|
|
|
u8 len;
|
|
|
|
char data[0];
|
|
|
|
};
|
|
|
|
|
2010-08-02 17:06:19 +02:00
|
|
|
static inline bool __nf_ct_ext_exist(const struct nf_ct_ext *ext, u8 id)
|
2007-07-08 07:23:21 +02:00
|
|
|
{
|
2010-08-02 17:06:19 +02:00
|
|
|
return !!ext->offset[id];
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline bool nf_ct_ext_exist(const struct nf_conn *ct, u8 id)
|
|
|
|
{
|
|
|
|
return (ct->ext && __nf_ct_ext_exist(ct->ext, id));
|
2007-07-08 07:23:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
|
|
|
|
{
|
|
|
|
if (!nf_ct_ext_exist(ct, id))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return (void *)ct->ext + ct->ext->offset[id];
|
|
|
|
}
|
|
|
|
#define nf_ct_ext_find(ext, id) \
|
|
|
|
((id##_TYPE *)__nf_ct_ext_find((ext), (id)))
|
|
|
|
|
|
|
|
/* Destroy all relationships */
|
|
|
|
extern void __nf_ct_ext_destroy(struct nf_conn *ct);
|
|
|
|
static inline void nf_ct_ext_destroy(struct nf_conn *ct)
|
|
|
|
{
|
|
|
|
if (ct->ext)
|
|
|
|
__nf_ct_ext_destroy(ct);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Free operation. If you want to free a object referred from private area,
|
|
|
|
* please implement __nf_ct_ext_free() and call it.
|
|
|
|
*/
|
|
|
|
static inline void nf_ct_ext_free(struct nf_conn *ct)
|
|
|
|
{
|
|
|
|
if (ct->ext)
|
|
|
|
kfree(ct->ext);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Add this type, returns pointer to data or NULL. */
|
|
|
|
void *
|
|
|
|
__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp);
|
|
|
|
#define nf_ct_ext_add(ct, id, gfp) \
|
|
|
|
((id##_TYPE *)__nf_ct_ext_add((ct), (id), (gfp)))
|
|
|
|
|
|
|
|
#define NF_CT_EXT_F_PREALLOC 0x0001
|
|
|
|
|
2009-11-03 04:26:03 +01:00
|
|
|
struct nf_ct_ext_type {
|
2007-07-08 07:23:21 +02:00
|
|
|
/* Destroys relationships (can be NULL). */
|
|
|
|
void (*destroy)(struct nf_conn *ct);
|
|
|
|
/* Called when realloacted (can be NULL).
|
|
|
|
Contents has already been moved. */
|
2008-02-08 02:56:34 +01:00
|
|
|
void (*move)(void *new, void *old);
|
2007-07-08 07:23:21 +02:00
|
|
|
|
|
|
|
enum nf_ct_ext_id id;
|
|
|
|
|
|
|
|
unsigned int flags;
|
|
|
|
|
|
|
|
/* Length and min alignment. */
|
|
|
|
u8 len;
|
|
|
|
u8 align;
|
|
|
|
/* initial size of nf_ct_ext. */
|
|
|
|
u8 alloc_size;
|
|
|
|
};
|
|
|
|
|
|
|
|
int nf_ct_extend_register(struct nf_ct_ext_type *type);
|
|
|
|
void nf_ct_extend_unregister(struct nf_ct_ext_type *type);
|
|
|
|
#endif /* _NF_CONNTRACK_EXTEND_H */
|