summaryrefslogtreecommitdiffstats
path: root/include/linux
Commit message (Collapse)AuthorAgeFilesLines
* include: Sync with kernel headersFelix Janda2015-05-292-56/+15
| | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfacct: add filter in to the list operationAlexey Perevalov2014-09-151-0/+8
| | | | | | | | | | | | | | | | | | | Filter feature is working through NFACCT_FILTER netlink attribute. If kernel doesn't support it, client will not get an error and silently will work as before. This patch adds following command line arguments: counters, overquota, bytes-quota, pkts-quota. Which could be used with list operation. Combination of these command line options isn't allowed. For example. user@root:/#nfacct list counters will show counters without byte/packet based quota user@root:/#nfacct list reset overquota will reset value for overquoted counters only Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfacct: adding quota capabilitiesMathieu Poirier2014-04-242-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The accounting framework now supports quota at the packet and byte level. The tool is simply enhanced with two optional arguments to specify the whether accounting for byte of packet and the limit associated with each. Also adding a monitor mode that listens for quota attainment notification. Examples: /* create an accounting object that isn't associated to a quota */ $ nfacct add first_no_quota /* create a quota object with byte count limited to 50 byte */ $ nfacct add second_quota byte 50 /* create a quota object with packet count limited to 5 */ $ nfacct add third_quota packet 5 From there the accounting objects can be used in iptables the same way as they did before: /* limit the number of icmp packets allowed through the OUTPUT chain */ $ iptables -I OUTPUT -p icmp -m nfacct --nfacct-name third_quota -j REJECT /* listening for quota attainment notification */ $ nfacct monitor Everything else works the same way. Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* initial importPablo Neira Ayuso2011-12-304-0/+132
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>