This patch ports the code accounting netfilter/x_tables to ub (UB_NUMXTENT) from RH6.
Related to https://jira.sw.ru/browse/PSBM-20089
Signed-off-by: Vladimir Davydov <[email protected]>
---
 include/linux/netfilter/x_tables.h | 4 ++++
 net/netfilter/x_tables.c | 48 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 43c5f8d26880..22ee9b961ed9 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -215,6 +215,10 @@ struct xt_table_info {
 unsigned int hook_entry[NF_INET_NUMHOOKS];
 unsigned int underflow[NF_INET_NUMHOOKS];
+#ifdef CONFIG_BEANCOUNTERS
+ struct user_beancounter *ub;
+#endif
+
 /*
 * Number of user chains. Since tables cannot have loops, at most
 * @stacksize jumps (number of user chains) can possibly be made.
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 919976f89644..3fa408656f17 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -67,6 +67,43 @@ static const char *const xt_prefix[NFPROTO_NUMPROTO] = {
 [NFPROTO_IPV6] = "ip6",
 };
+#ifdef CONFIG_BEANCOUNTERS
+static void uncharge_xtables(struct xt_table_info *info, unsigned long size)
+{
+ uncharge_beancounter(info->ub, UB_NUMXTENT, size);
+}
+
+static int recharge_xtables(struct xt_table_info *new, struct xt_table_info *old)
+{
+ struct user_beancounter *ub, *old_ub;
+ long change;
+
+ ub = new->ub;
+ old_ub = old->number ? old->ub : ub;
+ change = (long)new->number - (long)old->number;
+ if (old_ub != ub) {
+ printk(KERN_WARNING "iptables resources are charged"
+ " from different UB (%s -> %s)\n",
+ old_ub->ub_name, ub->ub_name);
+ change = new->number;
+ }
+
+ if (change > 0) {
+ if (charge_beancounter(ub, UB_NUMXTENT, change, UB_SOFT))
+ return -ENOMEM;
+ } else if (change < 0)
+ uncharge_beancounter(ub, UB_NUMXTENT, -change);
+
+ if (old_ub != ub)
+ uncharge_beancounter(old_ub, UB_NUMXTENT, old->number);
+
+ return 0;
+}
+#else
+#define recharge_xtables(c, new, old) (0)
+#define uncharge_xtables(info, s) do { } while (0)
+#endif /* CONFIG_BEANCOUNTERS */
+
 /* Allow this many total (re)entries. */
 static const unsigned int xt_jumpstack_multiplier = 2;
@@ -732,6 +769,8 @@ struct xt_table_info *xt_alloc_table_info(unsigned int size)
 }
 }
+ newinfo->ub = get_beancounter(get_exec_ub());
+
 return newinfo;
 }
 EXPORT_SYMBOL(xt_alloc_table_info);
@@ -764,6 +803,8 @@ void xt_free_table_info(struct xt_table_info *info)
 free_percpu(info->stackptr);
+ put_beancounter(info->ub);
+
 kfree(info);
 }
 EXPORT_SYMBOL(xt_free_table_info);
@@ -874,6 +915,12 @@ xt_replace_table(struct xt_table *table,
 return NULL;
 }
+ if (recharge_xtables(newinfo, private)) {
+ local_bh_enable();
+ *error = -ENOMEM;
+ return NULL;
+ }
+
 newinfo->initial_entries = private->initial_entries;
 /*
 * Ensure contents of newinfo are visible before assigning to
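Review bot: The `#else` stub `#define recharge_xtables(c, new, old) (0)` in the hunk at -67 takes three arguments, while the real function and the only visible caller, `recharge_xtables(newinfo, private)` in xt_replace_table, use two, so a build without CONFIG_BEANCOUNTERS would fail on macro arity. The stub should read `#define recharge_xtables(new, old) (0)`. Separately, the `printk(KERN_WARNING ...)` in recharge_xtables is not rate-limited and sits on the table-replace path. If that path can be driven repeatedly from inside a container (not visible here), the cross-UB warning becomes a way to fill the host log; `printk_ratelimited(KERN_WARNING ...)` would bound it.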
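Review bot: `newinfo->ub = get_beancounter(get_exec_ub());` in the xt_alloc_table_info hunk is compiled unconditionally, but the header hunk of this patch declares the `ub` member only under `#ifdef CONFIG_BEANCOUNTERS`, so the assignment cannot compile with that option off. The same holds for `put_beancounter(info->ub);` in the xt_free_table_info hunk. Since the patch provides `#else` stubs for recharge_xtables/uncharge_xtables, a build without beancounters is evidently meant to work. Either guard both statements with `#ifdef CONFIG_BEANCOUNTERS` or add two small helpers beside those stubs with empty `#else` variants, which keeps the preprocessor out of the function bodies. Both function bodies begin outside their hunks.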
@@ -971,6 +1018,7 @@ void *xt_unregister_table(struct xt_table *table)
 list_del(&table->list);
 mutex_unlock(&xt[table->af].mutex);
 kfree(table);
+ uncharge_xtables(private, private->number);
 return private;
 }
--
2.1.4
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
