__nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
}
-extern void nf_ct_kill(struct nf_conn *ct);
+extern void __nf_ct_kill_acct(struct nf_conn *ct,
+ enum ip_conntrack_info ctinfo,
+ const struct sk_buff *skb,
+ int do_acct);
+
+/* kill conntrack and do accounting */
+static inline void nf_ct_kill_acct(struct nf_conn *ct,
+ enum ip_conntrack_info ctinfo,
+ const struct sk_buff *skb)
+{
+ __nf_ct_kill_acct(ct, ctinfo, skb, 1);
+}
+
+/* kill conntrack without accounting */
+static inline void nf_ct_kill(struct nf_conn *ct)
+{
+ __nf_ct_kill_acct(ct, 0, NULL, 0);
+}
/* These are for NAT. Icky. */
/* Update TCP window tracking data when NAT mangles the packet */
(theoretically possible with SMP) */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmp.count))
- nf_ct_kill(ct);
+ nf_ct_kill_acct(ct, ctinfo, skb);
} else {
atomic_inc(&ct->proto.icmp.count);
nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
(theoretically possible with SMP) */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmp.count))
- nf_ct_kill(ct);
+ nf_ct_kill_acct(ct, ctinfo, skb);
} else {
atomic_inc(&ct->proto.icmp.count);
nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
}
EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
-void nf_ct_kill(struct nf_conn *ct)
+void __nf_ct_kill_acct(struct nf_conn *ct,
+ enum ip_conntrack_info ctinfo,
+ const struct sk_buff *skb,
+ int do_acct)
{
+#ifdef CONFIG_NF_CT_ACCT
+ if (do_acct) {
+ spin_lock_bh(&nf_conntrack_lock);
+ ct->counters[CTINFO2DIR(ctinfo)].packets++;
+ ct->counters[CTINFO2DIR(ctinfo)].bytes +=
+ skb->len - skb_network_offset(skb);
+ spin_unlock_bh(&nf_conntrack_lock);
+ }
+#endif
if (del_timer(&ct->timeout))
ct->timeout.function((unsigned long)ct);
}
-EXPORT_SYMBOL_GPL(nf_ct_kill);
+EXPORT_SYMBOL_GPL(__nf_ct_kill_acct);
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
if (type == DCCP_PKT_RESET &&
!test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
/* Tear down connection immediately if only reply is a RESET */
- nf_ct_kill(ct);
+ nf_ct_kill_acct(ct, ctinfo, skb);
return NF_ACCEPT;
}
problem case, so we can delete the conntrack
immediately. --RR */
if (th->rst) {
- nf_ct_kill(ct);
+ nf_ct_kill_acct(ct, ctinfo, skb);
return NF_ACCEPT;
}
} else if (!test_bit(IPS_ASSURED_BIT, &ct->status)