* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
+ * 2006-01-26 Harald Welte <laforge@netfilter.org>
+ * - Add optional local and global sequence number to detect lost
+ * events from userspace
+ *
*/
#include <linux/module.h>
#include <linux/skbuff.h>
#include "../bridge/br_private.h"
#endif
-#define NFULNL_NLBUFSIZ_DEFAULT 4096
+#define NFULNL_NLBUFSIZ_DEFAULT NLMSG_GOODSIZE
#define NFULNL_TIMEOUT_DEFAULT 100 /* every second */
#define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */
unsigned int nlbufsiz; /* netlink buffer allocation size */
unsigned int qthreshold; /* threshold of the queue */
u_int32_t copy_range;
+ u_int32_t seq; /* instance-local sequential counter */
u_int16_t group_num; /* number of this queue */
+ u_int16_t flags;
u_int8_t copy_mode;
};
static DEFINE_RWLOCK(instances_lock);
+static atomic_t global_seq;
#define INSTANCE_BUCKETS 16
static struct hlist_head instance_table[INSTANCE_BUCKETS];
return 0;
}
+static int
+nfulnl_set_flags(struct nfulnl_instance *inst, u_int16_t flags)
+{
+ spin_lock_bh(&inst->lock);
+ inst->flags = ntohs(flags);
+ spin_unlock_bh(&inst->lock);
+
+ return 0;
+}
+
static struct sk_buff *nfulnl_alloc_skb(unsigned int inst_size,
unsigned int pkt_size)
{
struct sk_buff *skb;
+ unsigned int n;
UDEBUG("entered (%u, %u)\n", inst_size, pkt_size);
/* alloc skb which should be big enough for a whole multipart
* message. WARNING: has to be <= 128k due to slab restrictions */
- skb = alloc_skb(inst_size, GFP_ATOMIC);
+ n = max(inst_size, pkt_size);
+ skb = alloc_skb(n, GFP_ATOMIC);
if (!skb) {
PRINTR("nfnetlink_log: can't alloc whole buffer (%u bytes)\n",
inst_size);
- /* try to allocate only as much as we need for current
- * packet */
+ if (n > pkt_size) {
+ /* try to allocate only as much as we need for current
+ * packet */
- skb = alloc_skb(pkt_size, GFP_ATOMIC);
- if (!skb)
- PRINTR("nfnetlink_log: can't even alloc %u bytes\n",
- pkt_size);
+ skb = alloc_skb(pkt_size, GFP_ATOMIC);
+ if (!skb)
+ PRINTR("nfnetlink_log: can't even alloc %u "
+ "bytes\n", pkt_size);
+ }
}
return skb;
spin_unlock_bh(&inst->lock);
}
+/* This is an inline function, we don't really care about a long
+ * list of arguments */
static inline int
__build_packet_message(struct nfulnl_instance *inst,
const struct sk_buff *skb,
read_unlock_bh(&skb->sk->sk_callback_lock);
}
+ /* local sequence number */
+ if (inst->flags & NFULNL_CFG_F_SEQ) {
+ tmp_uint = htonl(inst->seq++);
+ NFA_PUT(inst->skb, NFULA_SEQ, sizeof(tmp_uint), &tmp_uint);
+ }
+ /* global sequence number */
+ if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) {
+ tmp_uint = atomic_inc_return(&global_seq);
+ NFA_PUT(inst->skb, NFULA_SEQ_GLOBAL, sizeof(tmp_uint), &tmp_uint);
+ }
+
if (data_len) {
struct nfattr *nfa;
int size = NFA_LENGTH(data_len);
spin_lock_bh(&inst->lock);
+ if (inst->flags & NFULNL_CFG_F_SEQ)
+ size += NFA_SPACE(sizeof(u_int32_t));
+ if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL)
+ size += NFA_SPACE(sizeof(u_int32_t));
+
qthreshold = inst->qthreshold;
/* per-rule qthreshold overrides per-instance */
if (qthreshold > li->u.ulog.qthreshold)
[NFULA_TIMESTAMP-1] = sizeof(struct nfulnl_msg_packet_timestamp),
[NFULA_IFINDEX_INDEV-1] = sizeof(u_int32_t),
[NFULA_IFINDEX_OUTDEV-1]= sizeof(u_int32_t),
+ [NFULA_IFINDEX_PHYSINDEV-1] = sizeof(u_int32_t),
+ [NFULA_IFINDEX_PHYSOUTDEV-1] = sizeof(u_int32_t),
[NFULA_HWADDR-1] = sizeof(struct nfulnl_msg_packet_hw),
[NFULA_PAYLOAD-1] = 0,
[NFULA_PREFIX-1] = 0,
[NFULA_UID-1] = sizeof(u_int32_t),
+ [NFULA_SEQ-1] = sizeof(u_int32_t),
+ [NFULA_SEQ_GLOBAL-1] = sizeof(u_int32_t),
};
static const int nfula_cfg_min[NFULA_CFG_MAX] = {
[NFULA_CFG_TIMEOUT-1] = sizeof(u_int32_t),
[NFULA_CFG_QTHRESH-1] = sizeof(u_int32_t),
[NFULA_CFG_NLBUFSIZ-1] = sizeof(u_int32_t),
+ [NFULA_CFG_FLAGS-1] = sizeof(u_int16_t),
};
static int
nfulnl_set_qthresh(inst, ntohl(qthresh));
}
+ if (nfula[NFULA_CFG_FLAGS-1]) {
+ u_int16_t flags =
+ *(u_int16_t *)NFA_DATA(nfula[NFULA_CFG_FLAGS-1]);
+ nfulnl_set_flags(inst, ntohl(flags));
+ }
+
out_put:
instance_put(inst);
return ret;
git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff