[Devel] [PATCH rh7 1/4] net: Primitives to account conntrack users

Kirill Tkhai ktkhai at virtuozzo.com
Mon Sep 5 23:31:23 PDT 2016


This is needed to count the rules that are actually using conntracks.

Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 include/net/net_namespace.h       |   14 ++++++++++++++
 include/net/netns/conntrack.h     |    1 +
 net/netfilter/nf_conntrack_core.c |    1 +
 3 files changed, 16 insertions(+)

diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 94a63ea..193612f 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -296,6 +296,20 @@ static inline struct net *read_pnet(possible_net_t const *pnet)
 #define __net_initconst	__initconst
 #endif
 
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+static inline void inc_conntrack_users(struct net *net)
+{
+	atomic_inc(&net->ct.users);
+}
+static inline void dec_conntrack_users(struct net *net)
+{
+	atomic_dec(&net->ct.users);
+}
+#else
+static inline void inc_conntrack_users(struct net *net) { }
+static inline void dec_conntrack_users(struct net *net) { }
+#endif
+
 int peernet2id_alloc(struct net *net, struct net *peer);
 int peernet2id(struct net *net, struct net *peer);
 bool peernet_has_id(struct net *net, struct net *peer);
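Review bot: dec_conntrack_users() decrements unconditionally, so an unbalanced call drives `net->ct.users` negative with no diagnostic. If later patches in the series use this counter to decide whether conntrack is in use for the namespace (not visible here), a miscount would silently change which traffic stateful rules track. Consider `WARN_ON_ONCE(atomic_dec_return(&net->ct.users) < 0);` in place of the bare `atomic_dec()`. A short comment above the pair should also state that every inc_conntrack_users() must be matched by exactly one dec_conntrack_users() when the rule goes away.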
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index 4d7de37..0d842e7 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -74,6 +74,7 @@ struct ct_pcpu {
 
 struct netns_ct {
 	atomic_t		count;
+	atomic_t		users;
 	unsigned int		max;
 	unsigned int		expect_count;
 	unsigned int		expect_max;
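Review bot: The new `users` field sits directly under `count` with the same type and no comment, so the two counters are easy to confuse. A one-line comment on the field would help, for example `/* rules using conntrack in this netns; changed only via inc/dec_conntrack_users() */`. That wording follows the commit message, so adjust it if the unit being counted differs. struct netns_ct continues outside the hunk.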
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0c94c3a..b5de5aa 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1816,6 +1816,7 @@ int nf_conntrack_init_net(struct net *net)
 	int cpu;
 
 	atomic_set(&net->ct.count, 0);
+	atomic_set(&net->ct.users, 0);
 	net->ct.max = init_net.ct.max;
 	seqcount_init(&net->ct.generation);
 
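Review bot: The added `atomic_set(&net->ct.users, 0)` resets the counter whenever nf_conntrack_init_net() runs, which would discard any increments already made for that namespace. Whether inc_conntrack_users() can be reached before this init (for instance with CONFIG_NF_CONNTRACK_MODULE and the module loaded after rules exist) depends on callers that are not in this patch, so the ordering needs confirming. If the ordering is guaranteed, a comment such as `/* no conntrack users can exist before this point */` would record it; if not, the reset should be reconsidered. The function body starts and ends outside the hunk.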


