netfilter: flowtable: add counter support in HW offload

Store the conntrack counters to the conntrack entry in the
HW flowtable offload.

Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index a9b3b88..d9547c3 100644 (file)
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -9,6 +9,7 @@
 #include <net/netfilter/nf_flow_table.h>
 #include <net/netfilter/nf_tables.h>
 #include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_acct.h>
 #include <net/netfilter/nf_conntrack_core.h>
 #include <net/netfilter/nf_conntrack_tuple.h>
 
@@ -783,6 +784,17 @@ static void flow_offload_work_stats(struct flow_offload_work *offload)
        lastused = max_t(u64, stats[0].lastused, stats[1].lastused);
        offload->flow->timeout = max_t(u64, offload->flow->timeout,
                                       lastused + NF_FLOW_TIMEOUT);
+
+       if (offload->flowtable->flags & NF_FLOWTABLE_COUNTER) {
+               if (stats[0].pkts)
+                       nf_ct_acct_add(offload->flow->ct,
+                                      FLOW_OFFLOAD_DIR_ORIGINAL,
+                                      stats[0].pkts, stats[0].bytes);
+               if (stats[1].pkts)
+                       nf_ct_acct_add(offload->flow->ct,
+                                      FLOW_OFFLOAD_DIR_REPLY,
+                                      stats[1].pkts, stats[1].bytes);
+       }
 }
 
 static void flow_offload_work_handler(struct work_struct *work)