netfilter: nft_ct: add byte/packet counter support

	NFT_CT_PROTO_SRC,

	NFT_CT_PROTO_DST,

	NFT_CT_LABELS,

	NFT_CT_PKTS,

	NFT_CT_BYTES,

};

/**

#include <linux/netfilter/nf_tables.h>

#include <net/netfilter/nf_tables.h>

#include <net/netfilter/nf_conntrack.h>

#include <net/netfilter/nf_conntrack_acct.h>

#include <net/netfilter/nf_conntrack_tuple.h>

#include <net/netfilter/nf_conntrack_helper.h>

#include <net/netfilter/nf_conntrack_ecache.h>

	};

};

static u64 nft_ct_get_eval_counter(const struct nf_conn_counter *c,

				   enum nft_ct_keys k,

				   enum ip_conntrack_dir d)

{

	if (d < IP_CT_DIR_MAX)

		return k == NFT_CT_BYTES ? atomic64_read(&c[d].bytes) :

					   atomic64_read(&c[d].packets);

	return nft_ct_get_eval_counter(c, k, IP_CT_DIR_ORIGINAL) +

	       nft_ct_get_eval_counter(c, k, IP_CT_DIR_REPLY);

}

static void nft_ct_get_eval(const struct nft_expr *expr,

			    struct nft_regs *regs,

			    const struct nft_pktinfo *pkt)

			       NF_CT_LABELS_MAX_SIZE - size);

		return;

	}

	case NFT_CT_BYTES: /* fallthrough */

	case NFT_CT_PKTS: {

		const struct nf_conn_acct *acct = nf_conn_acct_find(ct);

		u64 count = 0;

		if (acct)

			count = nft_ct_get_eval_counter(acct->counter,

							priv->key, priv->dir);

		memcpy(dest, &count, sizeof(count));

		return;

	}

#endif

	default:

		break;

			return -EINVAL;

		len = FIELD_SIZEOF(struct nf_conntrack_tuple, src.u.all);

		break;

	case NFT_CT_BYTES:

	case NFT_CT_PKTS:

		/* no direction? return sum of original + reply */

		if (tb[NFTA_CT_DIRECTION] == NULL)

			priv->dir = IP_CT_DIR_MAX;

		len = sizeof(u64);

		break;

	default:

		return -EOPNOTSUPP;

	}

	case NFT_CT_PROTO_DST:

		if (nla_put_u8(skb, NFTA_CT_DIRECTION, priv->dir))

			goto nla_put_failure;

		break;

	case NFT_CT_BYTES:

	case NFT_CT_PKTS:

		if (priv->dir < IP_CT_DIR_MAX &&

		    nla_put_u8(skb, NFTA_CT_DIRECTION, priv->dir))

			goto nla_put_failure;

		break;

	default:

		break;

	}