MT_DEBUG("qtaguid[%d]: entered skb=%p par->in=%p/out=%p fam=%d\n",
par->hooknum, skb, par->in, par->out, par->family);
+ atomic64_inc(&qtu_events.match_calls);
if (skb == NULL) {
res = (info->match ^ info->invert) == 0;
goto ret_res;
got_sock = sk;
if (sk)
atomic64_inc(&qtu_events.match_found_sk_in_ct);
+ else
+ atomic64_inc(&qtu_events.match_found_no_sk_in_ct);
} else {
atomic64_inc(&qtu_events.match_found_sk);
}
par->hooknum,
sk ? sk->sk_socket : NULL);
res = (info->match ^ info->invert) == 0;
- atomic64_inc(&qtu_events.match_found_sk_none);
+ atomic64_inc(&qtu_events.match_no_sk);
goto put_sock_ret_res;
} else if (info->match & info->invert & XT_QTAGUID_SOCKET) {
res = false;
filp = sk->sk_socket->file;
if (filp == NULL) {
MT_DEBUG("qtaguid[%d]: leaving filp=NULL\n", par->hooknum);
+ account_for_uid(skb, sk, 0, par);
res = ((info->match ^ info->invert) &
(XT_QTAGUID_UID | XT_QTAGUID_GID)) == 0;
+ atomic64_inc(&qtu_events.match_no_sk_file);
goto put_sock_ret_res;
}
sock_uid = filp->f_cred->fsuid;
"counter_set_changes=%llu "
"delete_cmds=%llu "
"iface_events=%llu "
+ "match_calls=%llu "
"match_found_sk=%llu "
"match_found_sk_in_ct=%llu "
- "match_found_sk_none=%llu\n",
+ "match_found_no_sk_in_ct=%llu "
+ "match_no_sk=%llu "
+ "match_no_sk_file=%llu\n",
atomic64_read(&qtu_events.sockets_tagged),
atomic64_read(&qtu_events.sockets_untagged),
atomic64_read(&qtu_events.counter_set_changes),
atomic64_read(&qtu_events.delete_cmds),
atomic64_read(&qtu_events.iface_events),
+ atomic64_read(&qtu_events.match_calls),
atomic64_read(&qtu_events.match_found_sk),
atomic64_read(&qtu_events.match_found_sk_in_ct),
- atomic64_read(&qtu_events.match_found_sk_none));
+ atomic64_read(
+ &qtu_events.match_found_no_sk_in_ct),
+ atomic64_read(&qtu_events.match_no_sk),
+ atomic64_read(&qtu_events.match_no_sk_file));
if (len >= char_count) {
*outp = '\0';
return outp - page;
atomic64_t counter_set_changes;
atomic64_t delete_cmds;
atomic64_t iface_events; /* Number of NETDEV_* events handled */
+
+ atomic64_t match_calls; /* Number of times iptables called mt */
/*
* match_found_sk_*: numbers related to the netfilter matching
* function finding a sock for the sk_buff.
+ * Total skbs processed is sum(match_found*).
*/
atomic64_t match_found_sk; /* An sk was already in the sk_buff. */
- /* The connection tracker had the sk. */
+ /* The connection tracker had or didn't have the sk. */
atomic64_t match_found_sk_in_ct;
+ atomic64_t match_found_no_sk_in_ct;
/*
* No sk could be found. No apparent owner. Could happen with
* unsolicited traffic.
*/
- atomic64_t match_found_sk_none;
+ atomic64_t match_no_sk;
+ /*
+ * The file ptr in the sk_socket wasn't there.
+ * This might happen for traffic while the socket is being closed.
+ */
+ atomic64_t match_no_sk_file;
};
/* Track the set active_set for the given tag. */