diff options
| author | Florian Westphal <fw@strlen.de> | 2015-12-12 01:10:04 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2015-12-12 01:10:04 +0100 |
| commit | 0bfbe6146418d93b2523ea56b43213cac5d6620c (patch) | |
| tree | e2bbc41841c648c69357c9dc66be1102ca6a8ffd /src | |
| parent | 757b3ab08b8b22f230fb8e481bec78ecbfbb335a (diff) | |
ct: add packet/byte counter support
packets and bytes need special treatment -- we want to be able to get
packet/byte counter in either direction, but also express
'fetch in *BOTH* directions', i.e.
ct packets original + ct packets reply > 1000
This either requires a '+' expression, a new 'both' direction, or
keys where direction is optional, i.e.
ct packets > 12345 ; original + reply
ct original packets > 12345 ; original
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/ct.c | 4 | ||||
| -rw-r--r-- | src/parser_bison.y | 8 |
2 files changed, 11 insertions, 1 deletions
@@ -203,6 +203,10 @@ static const struct ct_template ct_templates[] = { [NFT_CT_LABELS] = CT_TEMPLATE("label", &ct_label_type, BYTEORDER_HOST_ENDIAN, CT_LABEL_BIT_SIZE), + [NFT_CT_BYTES] = CT_TEMPLATE("bytes", &integer_type, + BYTEORDER_HOST_ENDIAN, 64), + [NFT_CT_PKTS] = CT_TEMPLATE("packets", &integer_type, + BYTEORDER_HOST_ENDIAN, 64), }; static void ct_expr_print(const struct expr *expr) diff --git a/src/parser_bison.y b/src/parser_bison.y index ca9b757a..833e7f5d 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -565,7 +565,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type <expr> ct_expr %destructor { expr_free($$); } ct_expr -%type <val> ct_key ct_key_dir +%type <val> ct_key ct_key_dir ct_key_counters %type <val> export_format %type <string> monitor_event @@ -2274,6 +2274,7 @@ ct_key : STATE { $$ = NFT_CT_STATE; } | EXPIRATION { $$ = NFT_CT_EXPIRATION; } | HELPER { $$ = NFT_CT_HELPER; } | LABEL { $$ = NFT_CT_LABELS; } + | ct_key_counters ; ct_key_dir : SADDR { $$ = NFT_CT_SRC; } | DADDR { $$ = NFT_CT_DST; } @@ -2281,6 +2282,11 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; } | PROTOCOL { $$ = NFT_CT_PROTOCOL; } | PROTO_SRC { $$ = NFT_CT_PROTO_SRC; } | PROTO_DST { $$ = NFT_CT_PROTO_DST; } + | ct_key_counters + ; + +ct_key_counters : BYTES { $$ = NFT_CT_BYTES; } + | PACKETS { $$ = NFT_CT_PKTS; } ; ct_stmt : CT ct_key SET expr |