X-Git-Url: http://developer.intra2net.com/git/?p=ipt_ACCOUNT;a=blobdiff_plain;f=linux%2Fnet%2Fipv4%2Fnetfilter%2Fipt_ACCOUNT.c;h=c380d973ec91afbbc2e36c44a5dcf2ebbc1365cc;hp=0497fd7ae86061858b18e09f7b98e613de29f9ac;hb=4adc835590047326fd24f3d076d9b21775032cfc;hpb=bea3921ba41eb9294b02462de2fe9856c05530e5 diff --git a/linux/net/ipv4/netfilter/ipt_ACCOUNT.c b/linux/net/ipv4/netfilter/ipt_ACCOUNT.c index 0497fd7..c380d97 100644 --- a/linux/net/ipv4/netfilter/ipt_ACCOUNT.c +++ b/linux/net/ipv4/netfilter/ipt_ACCOUNT.c @@ -44,8 +44,8 @@ void ipt_account_data_free(void *data, unsigned char depth) if (depth == 1) { struct ipt_account_mask_16 *mask_16 = (struct ipt_account_mask_16 *)data; - unsigned char b; - for (b=0; b < 255; b++) + unsigned int b; + for (b=0; b <= 255; b++) { if (mask_16->mask_24[b] != 0) { @@ -61,13 +61,13 @@ void ipt_account_data_free(void *data, unsigned char depth) // Free for 24 bit network if (depth == 3) { - unsigned char a, b; - for (a=0; a < 255; a++) + unsigned int a, b; + for (a=0; a <= 255; a++) { if (((struct ipt_account_mask_8 *)data)->mask_16[a]) { struct ipt_account_mask_16 *mask_16 = (struct ipt_account_mask_16*)((struct ipt_account_mask_8 *)data)->mask_16[a]; - for (b=0; b < 255; b++) + for (b=0; b <= 255; b++) { if (mask_16->mask_24[b]) { free_page((unsigned long)mask_16->mask_24[b]); @@ -265,33 +265,52 @@ void ipt_account_depth0_insert(struct ipt_account_mask_24 *mask_24, unsigned int } // Check if this entry is new - char is_new_ip = 0; + char is_src_new_ip = 0, is_dst_new_ip = 0; + + // Calculate array positions + unsigned char src_slot = (unsigned char)((src_ip&0xFF000000) >> 24); + unsigned char dst_slot = (unsigned char)((dst_ip&0xFF000000) >> 24); // Increase size counters if (is_src) { // Calculate network slot - unsigned char slot = (unsigned char)((src_ip&0xFF000000) >> 24); - DEBUGP("ACCOUNT: Calculated SRC 8 bit network slot: %d\n", slot); - if (!mask_24->ip[slot].src_packets && !mask_24->ip[slot].dst_packets) - is_new_ip = 1; + DEBUGP("ACCOUNT: Calculated SRC 8 bit network slot: %d\n", src_slot); + if (!mask_24->ip[src_slot].src_packets && !mask_24->ip[src_slot].dst_packets) + is_src_new_ip = 1; - mask_24->ip[slot].src_packets++; - mask_24->ip[slot].src_bytes+=size; + mask_24->ip[src_slot].src_packets++; + mask_24->ip[src_slot].src_bytes+=size; } if (is_dst) { - unsigned char slot = (unsigned char)((dst_ip&0xFF000000) >> 24); - DEBUGP("ACCOUNT: Calculated DST 8 bit network slot: %d\n", slot); - if (!mask_24->ip[slot].src_packets && !mask_24->ip[slot].dst_packets) - is_new_ip = 1; + DEBUGP("ACCOUNT: Calculated DST 8 bit network slot: %d\n", dst_slot); + if (!mask_24->ip[dst_slot].src_packets && !mask_24->ip[dst_slot].dst_packets) + is_dst_new_ip = 1; - mask_24->ip[slot].dst_packets++; - mask_24->ip[slot].dst_bytes+=size; + mask_24->ip[dst_slot].dst_packets++; + mask_24->ip[dst_slot].dst_bytes+=size; } - if (is_new_ip) - (*itemcount)++; + // Increase itemcounter + DEBUGP("ACCOUNT: Itemcounter before: %d\n", *itemcount); + if (src_slot == dst_slot) + { + if (is_src_new_ip || is_dst_new_ip) { + DEBUGP("ACCOUNT: src_slot == dst_slot: %d, %d\n", is_src_new_ip, is_dst_new_ip); + (*itemcount)++; + } + } else { + if (is_src_new_ip) { + DEBUGP("ACCOUNT: New src_ip: %u.%u.%u.%u\n", NIPQUAD(src_ip)); + (*itemcount)++; + } + if (is_dst_new_ip) { + DEBUGP("ACCOUNT: New dst_ip: %u.%u.%u.%u\n", NIPQUAD(dst_ip)); + (*itemcount)++; + } + } + DEBUGP("ACCOUNT: Itemcounter after: %d\n", *itemcount); } void ipt_account_depth1_insert(struct ipt_account_mask_16 *mask_16, unsigned int net_ip, unsigned int netmask, @@ -311,7 +330,7 @@ void ipt_account_depth1_insert(struct ipt_account_mask_16 *mask_16, unsigned int } ipt_account_depth0_insert((struct ipt_account_mask_24 *)mask_16->mask_24[slot], net_ip, netmask, - src_ip, dst_ip, size, itemcount); + src_ip, 0, size, itemcount); } // Do we need to process dst IP? @@ -328,7 +347,7 @@ void ipt_account_depth1_insert(struct ipt_account_mask_16 *mask_16, unsigned int } ipt_account_depth0_insert((struct ipt_account_mask_24 *)mask_16->mask_24[slot], net_ip, netmask, - src_ip, dst_ip, size, itemcount); + 0, dst_ip, size, itemcount); } } @@ -349,7 +368,7 @@ void ipt_account_depth2_insert(struct ipt_account_mask_8 *mask_8, unsigned int n } ipt_account_depth1_insert((struct ipt_account_mask_16 *)mask_8->mask_16[slot], net_ip, netmask, - src_ip, dst_ip, size, itemcount); + src_ip, 0, size, itemcount); } // Do we need to process dst IP? @@ -366,7 +385,7 @@ void ipt_account_depth2_insert(struct ipt_account_mask_8 *mask_8, unsigned int n } ipt_account_depth1_insert((struct ipt_account_mask_16 *)mask_8->mask_16[slot], net_ip, netmask, - src_ip, dst_ip, size, itemcount); + 0, dst_ip, size, itemcount); } } @@ -524,9 +543,9 @@ int ipt_account_handle_prepare_read(char *tablename, unsigned int *count) } else if (depth == 1) { struct ipt_account_mask_16 *src_16 = (struct ipt_account_mask_16 *)ipt_account_tables[table_nr].data; struct ipt_account_mask_16 *network_16 = (struct ipt_account_mask_16 *)ipt_account_handles[handle].data; - unsigned char b; + unsigned int b; - for (b = 0; b < 255; b++) + for (b = 0; b <= 255; b++) { if (src_16->mask_24[b]) { @@ -544,9 +563,9 @@ int ipt_account_handle_prepare_read(char *tablename, unsigned int *count) } else if(depth == 2) { struct ipt_account_mask_8 *src_8 = (struct ipt_account_mask_8 *)ipt_account_tables[table_nr].data; struct ipt_account_mask_8 *network_8 = (struct ipt_account_mask_8 *)ipt_account_handles[handle].data; - unsigned char a; + unsigned int a; - for (a = 0; a < 255; a++) + for (a = 0; a <= 255; a++) { if (src_8->mask_16[a]) { @@ -562,9 +581,9 @@ int ipt_account_handle_prepare_read(char *tablename, unsigned int *count) struct ipt_account_mask_16 *src_16 = src_8->mask_16[a]; struct ipt_account_mask_16 *network_16 = network_8->mask_16[a]; - unsigned char b; + unsigned int b; - for (b = 0; b < 255; b++) + for (b = 0; b <= 255; b++) { if (src_16->mask_24[b]) { @@ -631,7 +650,7 @@ int ipt_account_handle_get_data(unsigned int handle, void *buffer) { struct ipt_account_handle_ip handle_ip; unsigned int handle_ip_size = sizeof (struct ipt_account_handle_ip); - unsigned char i; + unsigned int i; if (handle >= ACCOUNT_MAX_HANDLES) { @@ -653,7 +672,7 @@ int ipt_account_handle_get_data(unsigned int handle, void *buffer) if (depth == 0) { struct ipt_account_mask_24 *network = (struct ipt_account_mask_24*)ipt_account_handles[handle].data; - for (i = 0; i < 255; i++) + for (i = 0; i <= 255; i++) { if (network->ip[i].src_packets || network->ip[i].dst_packets) { @@ -675,13 +694,13 @@ int ipt_account_handle_get_data(unsigned int handle, void *buffer) if (depth == 1) { struct ipt_account_mask_16 *network_16 = (struct ipt_account_mask_16*)ipt_account_handles[handle].data; - unsigned char b; - for (b = 0; b < 255; b++) + unsigned int b; + for (b = 0; b <= 255; b++) { if (network_16->mask_24[b]) { struct ipt_account_mask_24 *network = (struct ipt_account_mask_24*)network_16->mask_24[b]; - for (i = 0; i < 255; i++) + for (i = 0; i <= 255; i++) { if (network->ip[i].src_packets || network->ip[i].dst_packets) { @@ -705,18 +724,18 @@ int ipt_account_handle_get_data(unsigned int handle, void *buffer) if (depth == 2) { struct ipt_account_mask_8 *network_8 = (struct ipt_account_mask_8*)ipt_account_handles[handle].data; - unsigned char a, b; - for (a = 0; a < 255; a++) + unsigned int a, b; + for (a = 0; a <= 255; a++) { if (network_8->mask_16[a]) { struct ipt_account_mask_16 *network_16 = (struct ipt_account_mask_16*)network_8->mask_16[a]; - for (b = 0; b < 255; b++) + for (b = 0; b <= 255; b++) { if (network_16->mask_24[b]) { struct ipt_account_mask_24 *network = (struct ipt_account_mask_24*)network_16->mask_24[b]; - for (i = 0; i < 255; i++) + for (i = 0; i <= 255; i++) { if (network->ip[i].src_packets || network->ip[i].dst_packets) {