diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-03 15:50:03 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-09-23 12:16:13 +0200 |
commit | 6615676d825e02d271fe7a9ca78a77ac3773ab93 (patch) | |
tree | 4b87a754e50301cb2f8c6c47e44670cc6a27356f /src/netlink_linearize.c | |
parent | 5174b6850291b67769ebd018e5c90837897969c2 (diff) |
src: add per-bytes limit
This example show how to accept packets below the ratelimit:
... limit rate 1024 mbytes/second counter accept
You need a Linux kernel >= 4.3-rc1.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index b2cb98dd..47092d33 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -708,6 +708,7 @@ static void netlink_gen_limit_stmt(struct netlink_linearize_ctx *ctx, nle = alloc_nft_expr("limit"); nftnl_expr_set_u64(nle, NFTNL_EXPR_LIMIT_RATE, stmt->limit.rate); nftnl_expr_set_u64(nle, NFTNL_EXPR_LIMIT_UNIT, stmt->limit.unit); + nftnl_expr_set_u32(nle, NFTNL_EXPR_LIMIT_TYPE, stmt->limit.type); nftnl_rule_add_expr(ctx->nlr, nle); } |