LXR linux/net/netfilter/nft

   1/*
   2 * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License version 2 as
   6 * published by the Free Software Foundation.
   7 *
   8 * Development of this code funded by Astaro AG (http://www.astaro.com/)
   9 */
  10
  11#include <linux/kernel.h>
  12#include <linux/init.h>
  13#include <linux/module.h>
  14#include <linux/seqlock.h>
  15#include <linux/netlink.h>
  16#include <linux/netfilter.h>
  17#include <linux/netfilter/nf_tables.h>
  18#include <net/netfilter/nf_tables.h>
  19
  20struct nft_counter {
  21        seqlock_t       lock;
  22        u64             bytes;
  23        u64             packets;
  24};
  25
  26static void nft_counter_eval(const struct nft_expr *expr,
  27                             struct nft_data data[NFT_REG_MAX + 1],
  28                             const struct nft_pktinfo *pkt)
  29{
  30        struct nft_counter *priv = nft_expr_priv(expr);
  31
  32        write_seqlock_bh(&priv->lock);
  33        priv->bytes += pkt->skb->len;
  34        priv->packets++;
  35        write_sequnlock_bh(&priv->lock);
  36}
  37
  38static int nft_counter_dump(struct sk_buff *skb, const struct nft_expr *expr)
  39{
  40        struct nft_counter *priv = nft_expr_priv(expr);
  41        unsigned int seq;
  42        u64 bytes;
  43        u64 packets;
  44
  45        do {
  46                seq = read_seqbegin(&priv->lock);
  47                bytes   = priv->bytes;
  48                packets = priv->packets;
  49        } while (read_seqretry(&priv->lock, seq));
  50
  51        if (nla_put_be64(skb, NFTA_COUNTER_BYTES, cpu_to_be64(bytes)))
  52                goto nla_put_failure;
  53        if (nla_put_be64(skb, NFTA_COUNTER_PACKETS, cpu_to_be64(packets)))
  54                goto nla_put_failure;
  55        return 0;
  56
  57nla_put_failure:
  58        return -1;
  59}
  60
  61static const struct nla_policy nft_counter_policy[NFTA_COUNTER_MAX + 1] = {
  62        [NFTA_COUNTER_PACKETS]  = { .type = NLA_U64 },
  63        [NFTA_COUNTER_BYTES]    = { .type = NLA_U64 },
  64};
  65
  66static int nft_counter_init(const struct nft_ctx *ctx,
  67                            const struct nft_expr *expr,
  68                            const struct nlattr * const tb[])
  69{
  70        struct nft_counter *priv = nft_expr_priv(expr);
  71
  72        if (tb[NFTA_COUNTER_PACKETS])
  73                priv->packets = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]));
  74        if (tb[NFTA_COUNTER_BYTES])
  75                priv->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]));
  76
  77        seqlock_init(&priv->lock);
  78        return 0;
  79}
  80
  81static struct nft_expr_type nft_counter_type;
  82static const struct nft_expr_ops nft_counter_ops = {
  83        .type           = &nft_counter_type,
  84        .size           = NFT_EXPR_SIZE(sizeof(struct nft_counter)),
  85        .eval           = nft_counter_eval,
  86        .init           = nft_counter_init,
  87        .dump           = nft_counter_dump,
  88};
  89
  90static struct nft_expr_type nft_counter_type __read_mostly = {
  91        .name           = "counter",
  92        .ops            = &nft_counter_ops,
  93        .policy         = nft_counter_policy,
  94        .maxattr        = NFTA_COUNTER_MAX,
  95        .owner          = THIS_MODULE,
  96};
  97
  98static int __init nft_counter_module_init(void)
  99{
 100        return nft_register_expr(&nft_counter_type);
 101}
 102
 103static void __exit nft_counter_module_exit(void)
 104{
 105        nft_unregister_expr(&nft_counter_type);
 106}
 107
 108module_init(nft_counter_module_init);
 109module_exit(nft_counter_module_exit);
 110
 111MODULE_LICENSE("GPL");
 112MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
 113MODULE_ALIAS_NFT_EXPR("counter");
 114