summaryrefslogtreecommitdiffstats
path: root/kernel/net
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@netfilter.org>2020-09-20 10:21:15 +0200
committerJozsef Kadlecsik <kadlec@netfilter.org>2020-09-20 10:21:15 +0200
commitb1c7948fc1b46147871b7c0ae6dedbfabd5e44a1 (patch)
treeac448de5c733543fcf46ab1c1fddc34f40a16052 /kernel/net
parent87131f2882220e0b5d64e2b611f8cd6eb6331d78 (diff)
Revert "Introduce --update-counters-first flag for the set target"
This reverts commit c2dfb6432aea5bb0a3522901b0c44f42d8adbd49.
Diffstat (limited to 'kernel/net')
-rw-r--r--kernel/net/netfilter/ipset/ip_set_core.c13
-rw-r--r--kernel/net/netfilter/xt_set.c21
2 files changed, 4 insertions, 30 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 906d01a..c6799af 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -622,9 +622,10 @@ ip_set_add_packets(u64 packets, struct ip_set_counter *counter)
static void
ip_set_update_counter(struct ip_set_counter *counter,
- const struct ip_set_ext *ext)
+ const struct ip_set_ext *ext, u32 flags)
{
- if (ext->packets != ULLONG_MAX) {
+ if (ext->packets != ULLONG_MAX &&
+ !(flags & IPSET_FLAG_SKIP_COUNTER_UPDATE)) {
ip_set_add_bytes(ext->bytes, counter);
ip_set_add_packets(ext->packets, counter);
}
@@ -648,19 +649,13 @@ ip_set_match_extensions(struct ip_set *set, const struct ip_set_ext *ext,
if (SET_WITH_COUNTER(set)) {
struct ip_set_counter *counter = ext_counter(data, set);
- if (flags & IPSET_FLAG_UPDATE_COUNTERS_FIRST)
- ip_set_update_counter(counter, ext);
-
if (flags & IPSET_FLAG_MATCH_COUNTERS &&
!(ip_set_match_counter(ip_set_get_packets(counter),
mext->packets, mext->packets_op) &&
ip_set_match_counter(ip_set_get_bytes(counter),
mext->bytes, mext->bytes_op)))
return false;
-
- if (!(flags & (IPSET_FLAG_UPDATE_COUNTERS_FIRST |
- IPSET_FLAG_SKIP_COUNTER_UPDATE)))
- ip_set_update_counter(counter, ext);
+ ip_set_update_counter(counter, ext, flags);
}
if (SET_WITH_SKBINFO(set))
ip_set_get_skbinfo(ext_skbinfo(data, set),
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index 7639522..95efb3a 100644
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -646,27 +646,6 @@ static struct xt_match set_matches[] __read_mostly = {
.destroy = set_match_v4_destroy,
.me = THIS_MODULE
},
- /* --update-counters-first flag support */
- {
- .name = "set",
- .family = NFPROTO_IPV4,
- .revision = 5,
- .match = set_match_v4,
- .matchsize = sizeof(struct xt_set_info_match_v4),
- .checkentry = set_match_v4_checkentry,
- .destroy = set_match_v4_destroy,
- .me = THIS_MODULE
- },
- {
- .name = "set",
- .family = NFPROTO_IPV6,
- .revision = 5,
- .match = set_match_v4,
- .matchsize = sizeof(struct xt_set_info_match_v4),
- .checkentry = set_match_v4_checkentry,
- .destroy = set_match_v4_destroy,
- .me = THIS_MODULE
- },
};
static struct xt_target set_targets[] __read_mostly = {