netfilter: nft_counter: rework atomic dump and reset
authorPablo Neira <pablo@netfilter.org>
Sun, 11 Dec 2016 10:43:59 +0000 (11:43 +0100)
committerDavid S. Miller <davem@davemloft.net>
Sun, 11 Dec 2016 15:01:05 +0000 (10:01 -0500)
commitd84701ecbcd6ad63faa7a9c18ad670d1c4d561c0
tree2f47271a763a580df89a081a03731b78027fea6c
parent311191297125156319be8f86d546ea1c569f7e95
netfilter: nft_counter: rework atomic dump and reset

Dump and reset doesn't work unless cmpxchg64() is used both from packet
and control plane paths. This approach is going to be slow though.
Instead, use a percpu seqcount to fetch counters consistently, then
subtract bytes and packets in case a reset was requested.

The cpu that running over the reset code is guaranteed to own this stats
exclusively, we have to turn counters into signed 64bit though so stats
update on reset don't get wrong on underflow.

This patch is based on original sketch from Eric Dumazet.

Fixes: 43da04a593d8 ("netfilter: nf_tables: atomic dump and reset for stateful objects")
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netfilter/nft_counter.c