From e3ec9362f0edad08834cb8ba66bc45fdb0bf33f5 Mon Sep 17 00:00:00 2001
From: Liping Zhang
Date: Sun, 25 Dec 2016 20:12:55 +0800
Subject: ct: add average bytes per packet counter support
Similar to connbytes extension in iptables, now you can use it to match average bytes per packet a connection has transferred so far.
For example, match avgpkt in "BOTH" diretion:
# nft add rule x y ct avgpkt \> 100
Match avgpkt in reply direction:
# nft add rule x y ct reply avgpkt \< 900
Or match avgpkt in original direction:
# nft add rule x y ct original avgpkt \> 200
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
---
 src/parser_bison.y | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/parser_bison.y')
diff --git a/src/parser_bison.y b/src/parser_bison.y
index be662e4d..4749c9fa 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -362,6 +362,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %token NAME "name"
 %token PACKETS "packets"
 %token BYTES "bytes"
+%token AVGPKT "avgpkt"
 %token COUNTERS "counters"
 %token QUOTAS "quotas"
@@ -2945,6 +2946,7 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; }
 ct_key_counters : BYTES { $$ = NFT_CT_BYTES; }
 | PACKETS { $$ = NFT_CT_PKTS; }
+ | AVGPKT { $$ = NFT_CT_AVGPKT; }
 ;
 ct_stmt : CT ct_key SET expr
--
cgit v1.2.3
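Review bot: The new `%token AVGPKT "avgpkt"` declaration in the first hunk makes `avgpkt` a reserved word as soon as the scanner returns it, so a ruleset that already uses `avgpkt` as a table, chain or set name would presumably stop parsing after the upgrade. For a firewall loaded at boot, that can mean the host comes up without its rules. The matching scanner rule and any documentation change are outside this file-limited view, so this cannot be confirmed from here. I would record it next to the declaration, for example `/* "avgpkt" becomes a keyword; it can no longer be used as an object name */`, and mention it in the release notes.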
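Review bot: Adding `AVGPKT` to `ct_key_counters` may make `ct avgpkt set <expr>` syntactically valid, because the `ct_stmt : CT ct_key SET expr` production at the end of the second hunk takes any `ct_key`, and `ct_key` may include `ct_key_counters` (its definition is outside the hunk). An average is a derived value that cannot be set, so rejection would be left to a later evaluation step or to the kernel, neither of which is visible here. A comment on the rule such as `/* counter keys are match-only; ct_stmt must reject them during evaluation */` would make that expectation explicit. The `ct_stmt` rule continues past the end of the hunk.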