From 694abf18792d58f1c70b8c8498f46a2b2d0dfe80 Mon Sep 17 00:00:00 2001 From: "/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org" Date: Thu, 29 Nov 2007 03:44:35 +0000 Subject: Move libipt_connbytes.man to libxt_connbytes.man for ip6tables.8 --- extensions/libipt_connbytes.man | 30 ------------------------------ extensions/libxt_connbytes.man | 30 ++++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 30 deletions(-) delete mode 100644 extensions/libipt_connbytes.man create mode 100644 extensions/libxt_connbytes.man (limited to 'extensions') diff --git a/extensions/libipt_connbytes.man b/extensions/libipt_connbytes.man deleted file mode 100644 index ce7b665..0000000 --- a/extensions/libipt_connbytes.man +++ /dev/null @@ -1,30 +0,0 @@ -Match by how many bytes or packets a connection (or one of the two -flows constituting the connection) have tranferred so far, or by -average bytes per packet. - -The counters are 64bit and are thus not expected to overflow ;) - -The primary use is to detect long-lived downloads and mark them to be -scheduled using a lower priority band in traffic control. - -The transfered bytes per connection can also be viewed through -/proc/net/ip_conntrack and accessed via ctnetlink -.TP -[\fB!\fR]\fB --connbytes \fIfrom\fB:\fR[\fIto\fR] -match packets from a connection whose packets/bytes/average packet -size is more than FROM and less than TO bytes/packets. if TO is -omitted only FROM check is done. "!" is used to match packets not -falling in the range. -.TP -\fB--connbytes-dir\fR [\fBoriginal\fR|\fBreply\fR|\fBboth\fR] -which packets to consider -.TP -\fB--connbytes-mode\fR [\fBpackets\fR|\fBbytes\fR|\fBavgpkt\fR] -whether to check the amount of packets, number of bytes transferred or -the average size (in bytes) of all packets received so far. Note that -when "both" is used together with "avgpkt", and data is going (mainly) -only in one direction (for example HTTP), the average packet size will -be about half of the actual data packets. -.TP -Example: -iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --connbytes-mode bytes ... diff --git a/extensions/libxt_connbytes.man b/extensions/libxt_connbytes.man new file mode 100644 index 0000000..ce7b665 --- /dev/null +++ b/extensions/libxt_connbytes.man @@ -0,0 +1,30 @@ +Match by how many bytes or packets a connection (or one of the two +flows constituting the connection) have tranferred so far, or by +average bytes per packet. + +The counters are 64bit and are thus not expected to overflow ;) + +The primary use is to detect long-lived downloads and mark them to be +scheduled using a lower priority band in traffic control. + +The transfered bytes per connection can also be viewed through +/proc/net/ip_conntrack and accessed via ctnetlink +.TP +[\fB!\fR]\fB --connbytes \fIfrom\fB:\fR[\fIto\fR] +match packets from a connection whose packets/bytes/average packet +size is more than FROM and less than TO bytes/packets. if TO is +omitted only FROM check is done. "!" is used to match packets not +falling in the range. +.TP +\fB--connbytes-dir\fR [\fBoriginal\fR|\fBreply\fR|\fBboth\fR] +which packets to consider +.TP +\fB--connbytes-mode\fR [\fBpackets\fR|\fBbytes\fR|\fBavgpkt\fR] +whether to check the amount of packets, number of bytes transferred or +the average size (in bytes) of all packets received so far. Note that +when "both" is used together with "avgpkt", and data is going (mainly) +only in one direction (for example HTTP), the average packet size will +be about half of the actual data packets. +.TP +Example: +iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --connbytes-mode bytes ... -- cgit v1.2.3