]> git.proxmox.com Git - mirror_ubuntu-eoan-kernel.git/commit
netfilter: nf_conntrack: properly account terminating packets
authorFabian Hugelshofer <hugelshofer2006@gmx.ch>
Mon, 9 Jun 2008 22:59:40 +0000 (15:59 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 9 Jun 2008 22:59:40 +0000 (15:59 -0700)
commit718d4ad98e272daebc258e49dc02f52a6a8de9d3
tree0f284b8df129db4fbc728499b8565667dce2eb94
parent51091764f26ec36c02e35166f083193a30f426fc
netfilter: nf_conntrack: properly account terminating packets

Currently the last packet of a connection isn't accounted when its causing
abnormal termination.

Introduces nf_ct_kill_acct() which increments the accounting counters on
conntrack kill. The new function was necessary, because there are calls
to nf_ct_kill() which don't need accounting:

nf_conntrack_proto_tcp.c line ~847:
Kills ct and returns NF_REPEAT. We don't want to count twice.

nf_conntrack_proto_tcp.c line ~880:
Kills ct and returns NF_DROP. I think we don't want to count dropped
packets.

nf_conntrack_netlink.c line ~824:
As far as I can see ctnetlink_del_conntrack() is used to destroy a
conntrack on behalf of the user. There is an sk_buff, but I don't think
this is an actual packet. Incrementing counters here is therefore not
desired.

Signed-off-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/netfilter/nf_conntrack.h
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_proto_dccp.c
net/netfilter/nf_conntrack_proto_tcp.c