diff options
| author | Liping Zhang <zlpnobody@163.com> | 2016-12-25 20:12:55 +0800 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-16 14:09:47 +0100 |
| commit | e3ec9362f0edad08834cb8ba66bc45fdb0bf33f5 (patch) | |
| tree | 383e1e10a0787e0cf10477cc493a8ea9a9ebb458 /doc/nft.xml | |
| parent | 5d6e721c8fe31e14ddedb1a642553d072ec99bd1 (diff) | |
ct: add average bytes per packet counter support
Similar to connbytes extension in iptables, now you can use it to match
average bytes per packet a connection has transferred so far.
For example, match avgpkt in "BOTH" diretion:
# nft add rule x y ct avgpkt \> 100
Match avgpkt in reply direction:
# nft add rule x y ct reply avgpkt \< 900
Or match avgpkt in original direction:
# nft add rule x y ct original avgpkt \> 200
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/nft.xml')
| -rw-r--r-- | doc/nft.xml | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/doc/nft.xml b/doc/nft.xml index 8026d85f..a4212784 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -2112,9 +2112,9 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1 </para> <para> There are three types of conntrack expressions. Some conntrack expressions require the flow - direction before the conntrack key, others must be used directly because they are - direction agnostic. The <command>packets<command> and </command>bytes</command> keywords can be used - with or without a direction. If the direction is omitted, the sum of the original and the reply + direction before the conntrack key, others must be used directly because they are direction agnostic. + The <command>packets</command>, <command>bytes</command> and <command>avgpkt</command> keywords can be + used with or without a direction. If the direction is omitted, the sum of the original and the reply direction is returned. </para> <para> @@ -2132,6 +2132,7 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1 <arg>protocol</arg> <arg>bytes</arg> <arg>packets</arg> + <arg>avgpkt</arg> </group> </cmdsynopsis> <cmdsynopsis> @@ -2149,6 +2150,7 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1 <arg>proto-dst</arg> <arg>bytes</arg> <arg>packets</arg> + <arg>avgpkt</arg> </group> </cmdsynopsis> </para> @@ -2242,6 +2244,11 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1 <entry>bytecount seen, see description for <command>packets</command> keyword</entry> <entry>integer (64 bit)</entry> </row> + <row> + <entry>avgpkt</entry> + <entry>average bytes per packet, see description for <command>packets</command> keyword</entry> + <entry>integer (64 bit)</entry> + </row> </tbody> </tgroup> </table> |