18468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* 28468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Kernel iptables module to track stats for packets based on user tags. 38468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * 48468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * (C) 2011 Google, Inc 58468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * 68468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * This program is free software; you can redistribute it and/or modify 78468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * it under the terms of the GNU General Public License version 2 as 88468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * published by the Free Software Foundation. 98468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 108468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#ifndef __XT_QTAGUID_INTERNAL_H__ 118468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define __XT_QTAGUID_INTERNAL_H__ 128468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 138468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#include <linux/types.h> 148468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#include <linux/rbtree.h> 158468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#include <linux/spinlock_types.h> 168468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#include <linux/workqueue.h> 178468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 188468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* Iface handling */ 198468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define IDEBUG_MASK (1<<0) 208468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* Iptable Matching. Per packet. */ 218468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define MDEBUG_MASK (1<<1) 228468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* Red-black tree handling. Per packet. */ 238468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define RDEBUG_MASK (1<<2) 248468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* procfs ctrl/stats handling */ 258468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define CDEBUG_MASK (1<<3) 268468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* dev and resource tracking */ 278468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define DDEBUG_MASK (1<<4) 288468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 298468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* E.g (IDEBUG_MASK | CDEBUG_MASK | DDEBUG_MASK) */ 308468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define DEFAULT_DEBUG_MASK 0 318468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 328468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* 338468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * (Un)Define these *DEBUG to compile out/in the pr_debug calls. 348468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * All undef: text size ~ 0x3030; all def: ~ 0x4404. 358468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 368468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define IDEBUG 378468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define MDEBUG 388468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define RDEBUG 398468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define CDEBUG 408468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define DDEBUG 418468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 428468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define MSK_DEBUG(mask, ...) do { \ 438468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall if (unlikely(qtaguid_debug_mask & (mask))) \ 448468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall pr_debug(__VA_ARGS__); \ 458468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall } while (0) 468468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#ifdef IDEBUG 478468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define IF_DEBUG(...) MSK_DEBUG(IDEBUG_MASK, __VA_ARGS__) 488468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#else 498468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define IF_DEBUG(...) no_printk(__VA_ARGS__) 508468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#endif 518468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#ifdef MDEBUG 528468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define MT_DEBUG(...) MSK_DEBUG(MDEBUG_MASK, __VA_ARGS__) 538468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#else 548468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define MT_DEBUG(...) no_printk(__VA_ARGS__) 558468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#endif 568468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#ifdef RDEBUG 578468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define RB_DEBUG(...) MSK_DEBUG(RDEBUG_MASK, __VA_ARGS__) 588468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#else 598468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define RB_DEBUG(...) no_printk(__VA_ARGS__) 608468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#endif 618468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#ifdef CDEBUG 628468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define CT_DEBUG(...) MSK_DEBUG(CDEBUG_MASK, __VA_ARGS__) 638468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#else 648468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define CT_DEBUG(...) no_printk(__VA_ARGS__) 658468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#endif 668468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#ifdef DDEBUG 678468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define DR_DEBUG(...) MSK_DEBUG(DDEBUG_MASK, __VA_ARGS__) 688468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#else 698468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define DR_DEBUG(...) no_printk(__VA_ARGS__) 708468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#endif 718468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 728468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallextern uint qtaguid_debug_mask; 738468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 748468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/*---------------------------------------------------------------------------*/ 758468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* 768468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Tags: 778468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * 788468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * They represent what the data usage counters will be tracked against. 798468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * By default a tag is just based on the UID. 808468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * The UID is used as the base for policing, and can not be ignored. 818468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * So a tag will always at least represent a UID (uid_tag). 828468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * 838468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * A tag can be augmented with an "accounting tag" which is associated 848468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * with a UID. 858468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * User space can set the acct_tag portion of the tag which is then used 868468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * with sockets: all data belonging to that socket will be counted against the 878468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * tag. The policing is then based on the tag's uid_tag portion, 888468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * and stats are collected for the acct_tag portion separately. 898468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * 908468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * There could be 918468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * a: {acct_tag=1, uid_tag=10003} 928468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * b: {acct_tag=2, uid_tag=10003} 938468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * c: {acct_tag=3, uid_tag=10003} 948468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * d: {acct_tag=0, uid_tag=10003} 958468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * a, b, and c represent tags associated with specific sockets. 968468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * d is for the totals for that uid, including all untagged traffic. 978468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Typically d is used with policing/quota rules. 988468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * 998468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * We want tag_t big enough to distinguish uid_t and acct_tag. 1008468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * It might become a struct if needed. 1018468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Nothing should be using it as an int. 1028468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 1038468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgralltypedef uint64_t tag_t; /* Only used via accessors */ 1048468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1058468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define TAG_UID_MASK 0xFFFFFFFFULL 1068468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define TAG_ACCT_MASK (~0xFFFFFFFFULL) 1078468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1088468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline int tag_compare(tag_t t1, tag_t t2) 1098468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1108468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return t1 < t2 ? -1 : t1 == t2 ? 0 : 1; 1118468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1128468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1138468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline tag_t combine_atag_with_uid(tag_t acct_tag, uid_t uid) 1148468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1158468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return acct_tag | uid; 1168468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1178468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline tag_t make_tag_from_uid(uid_t uid) 1188468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1198468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return uid; 1208468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1218468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline uid_t get_uid_from_tag(tag_t tag) 1228468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1238468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return tag & TAG_UID_MASK; 1248468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1258468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline tag_t get_utag_from_tag(tag_t tag) 1268468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1278468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return tag & TAG_UID_MASK; 1288468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1298468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline tag_t get_atag_from_tag(tag_t tag) 1308468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1318468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return tag & TAG_ACCT_MASK; 1328468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1338468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1348468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline bool valid_atag(tag_t tag) 1358468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1368468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return !(tag & TAG_UID_MASK); 1378468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1388468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstatic inline tag_t make_atag_from_value(uint32_t value) 1398468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall{ 1408468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall return (uint64_t)value << 32; 1418468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall} 1428468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/*---------------------------------------------------------------------------*/ 1438468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1448468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* 1458468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Maximum number of socket tags that a UID is allowed to have active. 1468468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Multiple processes belonging to the same UID contribute towards this limit. 1478468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Special UIDs that can impersonate a UID also contribute (e.g. download 1488468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * manager, ...) 1498468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 1508468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define DEFAULT_MAX_SOCK_TAGS 1024 1518468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1528468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* 1538468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * For now we only track 2 sets of counters. 1548468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * The default set is 0. 1558468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Userspace can activate another set for a given uid being tracked. 1568468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 1578468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#define IFS_MAX_COUNTER_SETS 2 1588468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1598468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallenum ifs_tx_rx { 1608468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall IFS_TX, 1618468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall IFS_RX, 1628468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall IFS_MAX_DIRECTIONS 1638468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 1648468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1658468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* For now, TCP, UDP, the rest */ 1668468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallenum ifs_proto { 1678468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall IFS_TCP, 1688468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall IFS_UDP, 1698468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall IFS_PROTO_OTHER, 1708468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall IFS_MAX_PROTOS 1718468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 1728468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1738468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct byte_packet_counters { 1748468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall uint64_t bytes; 1758468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall uint64_t packets; 1768468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 1778468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 1788468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct data_counters { 1798468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct byte_packet_counters bpc[IFS_MAX_COUNTER_SETS][IFS_MAX_DIRECTIONS][IFS_MAX_PROTOS]; 1808468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 1818468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 182fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrallstatic inline uint64_t dc_sum_bytes(struct data_counters *counters, 183fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall int set, 184fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall enum ifs_tx_rx direction) 185fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall{ 186fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall return counters->bpc[set][direction][IFS_TCP].bytes 187fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall + counters->bpc[set][direction][IFS_UDP].bytes 188fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall + counters->bpc[set][direction][IFS_PROTO_OTHER].bytes; 189fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall} 190fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall 191fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrallstatic inline uint64_t dc_sum_packets(struct data_counters *counters, 192fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall int set, 193fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall enum ifs_tx_rx direction) 194fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall{ 195fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall return counters->bpc[set][direction][IFS_TCP].packets 196fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall + counters->bpc[set][direction][IFS_UDP].packets 197fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall + counters->bpc[set][direction][IFS_PROTO_OTHER].packets; 198fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall} 199fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall 200fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall 2018468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* Generic X based nodes used as a base for rb_tree ops */ 2028468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct tag_node { 2038468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct rb_node node; 2048468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall tag_t tag; 2058468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 2068468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2078468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct tag_stat { 2088468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct tag_node tn; 2098468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct data_counters counters; 2108468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* 2118468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * If this tag is acct_tag based, we need to count against the 2128468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * matching parent uid_tag. 2138468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 2148468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct data_counters *parent_counters; 2158468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 2168468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2178468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct iface_stat { 2188468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct list_head list; /* in iface_stat_list */ 2198468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall char *ifname; 2208468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall bool active; 2218468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* net_dev is only valid for active iface_stat */ 2228468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct net_device *net_dev; 2238468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 224cb0d1ec3de78dc303778752e322292b83cf5ff1bJP Abgrall struct byte_packet_counters totals_via_dev[IFS_MAX_DIRECTIONS]; 225fc740ecc31f1b630395b163d4a6b00f727b8bec9JP Abgrall struct data_counters totals_via_skb; 2268468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* 2278468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * We keep the last_known, because some devices reset their counters 2288468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * just before NETDEV_UP, while some will reset just before 2298468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * NETDEV_REGISTER (which is more normal). 2308468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * So now, if the device didn't do a NETDEV_UNREGISTER and we see 2318468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * its current dev stats smaller that what was previously known, we 2328468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * assume an UNREGISTER and just use the last_known. 2338468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 2348468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct byte_packet_counters last_known[IFS_MAX_DIRECTIONS]; 2358468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* last_known is usable when last_known_valid is true */ 2368468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall bool last_known_valid; 2378468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2388468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct proc_dir_entry *proc_ptr; 2398468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2408468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct rb_root tag_stat_tree; 2418468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall spinlock_t tag_stat_list_lock; 2428468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 2438468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2448468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* This is needed to create proc_dir_entries from atomic context. */ 2458468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct iface_stat_work { 2468468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct work_struct iface_work; 2478468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct iface_stat *iface_entry; 2488468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 2498468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2508468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* 2518468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Track tag that this socket is transferring data for, and not necessarily 2528468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * the uid that owns the socket. 2538468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * This is the tag against which tag_stat.counters will be billed. 2548468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * These structs need to be looked up by sock and pid. 2558468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 2568468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct sock_tag { 2578468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct rb_node sock_node; 2588468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct sock *sk; /* Only used as a number, never dereferenced */ 2598468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* The socket is needed for sockfd_put() */ 2608468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct socket *socket; 2618468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* Used to associate with a given pid */ 2628468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct list_head list; /* in proc_qtu_data.sock_tag_list */ 2638468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall pid_t pid; 2648468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2658468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall tag_t tag; 2668468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 2678468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2688468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct qtaguid_event_counts { 2698468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* Various successful events */ 2708468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t sockets_tagged; 2718468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t sockets_untagged; 2728468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t counter_set_changes; 2738468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t delete_cmds; 2748468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t iface_events; /* Number of NETDEV_* events handled */ 2758468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 2768468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t match_calls; /* Number of times iptables called mt */ 277cb0d1ec3de78dc303778752e322292b83cf5ff1bJP Abgrall /* Number of times iptables called mt from pre or post routing hooks */ 278cb0d1ec3de78dc303778752e322292b83cf5ff1bJP Abgrall atomic64_t match_calls_prepost; 2798468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* 2808468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * match_found_sk_*: numbers related to the netfilter matching 2818468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * function finding a sock for the sk_buff. 2828468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Total skbs processed is sum(match_found*). 2838468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 2848468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t match_found_sk; /* An sk was already in the sk_buff. */ 2858468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* The connection tracker had or didn't have the sk. */ 2868468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t match_found_sk_in_ct; 2878468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t match_found_no_sk_in_ct; 2888468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* 2898468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * No sk could be found. No apparent owner. Could happen with 2908468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * unsolicited traffic. 2918468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 2928468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t match_no_sk; 2938468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* 2948468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * The file ptr in the sk_socket wasn't there. 2958468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * This might happen for traffic while the socket is being closed. 2968468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 2978468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall atomic64_t match_no_sk_file; 2988468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 2998468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3008468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* Track the set active_set for the given tag. */ 3018468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct tag_counter_set { 3028468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct tag_node tn; 3038468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall int active_set; 3048468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 3058468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3068468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/*----------------------------------------------*/ 3078468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/* 3088468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * The qtu uid data is used to track resources that are created directly or 3098468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * indirectly by processes (uid tracked). 3108468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * It is shared by the processes with the same uid. 3118468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * Some of the resource will be counted to prevent further rogue allocations, 3128468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * some will need freeing once the owner process (uid) exits. 3138468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 3148468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct uid_tag_data { 3158468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct rb_node node; 3168468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall uid_t uid; 3178468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3188468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* 3198468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * For the uid, how many accounting tags have been set. 3208468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 3218468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall int num_active_tags; 3228468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* Track the number of proc_qtu_data that reference it */ 3238468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall int num_pqd; 3248468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct rb_root tag_ref_tree; 3258468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* No tag_node_tree_lock; use uid_tag_data_tree_lock */ 3268468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 3278468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3288468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct tag_ref { 3298468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct tag_node tn; 3308468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3318468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* 3328468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * This tracks the number of active sockets that have a tag on them 3338468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * which matches this tag_ref.tn.tag. 3348468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * A tag ref can live on after the sockets are untagged. 3358468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall * A tag ref can only be removed during a tag delete command. 3368468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall */ 3378468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall int num_sock_tags; 3388468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 3398468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3408468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrallstruct proc_qtu_data { 3418468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct rb_node node; 3428468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall pid_t pid; 3438468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3448468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct uid_tag_data *parent_tag_data; 3458468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3468468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* Tracks the sock_tags that need freeing upon this proc's death */ 3478468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall struct list_head sock_tag_list; 3488468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall /* No spinlock_t sock_tag_list_lock; use the global one. */ 3498468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall}; 3508468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall 3518468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall/*----------------------------------------------*/ 3528468092ab618a65b6cde809ffceb9f18d2b9d02fJP Abgrall#endif /* ifndef __XT_QTAGUID_INTERNAL_H__ */ 353