diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-05-01 00:56:35 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2013-06-07 19:30:57 +0200 |
commit | 34844da8f53ec80b34ad094f2fca2519a7079ec2 (patch) | |
tree | 513e761fd914bffb8d96aade042312d5073be437 /extensions/libxt_set.man | |
parent | f927d5fc3a6a0a8a8fb03e733a6572a934482723 (diff) |
Introduce a new revision for the set match with the counters support
The revision add the support of matching the packet/byte counters
if the set was defined with the extension. Also, a new flag is
introduced to suppress updating the packet/byte counters if required.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'extensions/libxt_set.man')
-rw-r--r-- | extensions/libxt_set.man | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/extensions/libxt_set.man b/extensions/libxt_set.man index ac60f148..7012ef2e 100644 --- a/extensions/libxt_set.man +++ b/extensions/libxt_set.man @@ -15,11 +15,48 @@ the set type of the specified set is single dimension (for example ipmap), then the command will match packets for which the source address can be found in the specified set. .TP -\fB\-\-return\-\-nomatch\fP -If the \fB\-\-return\-\-nomatch\fP option is specified and the set type +\fB\-\-return\-nomatch\fP +If the \fB\-\-return\-nomatch\fP option is specified and the set type supports the \fBnomatch\fP flag, then the matching is reversed: a match with an element flagged with \fBnomatch\fP returns \fBtrue\fP, while a match with a plain element returns \fBfalse\fP. +.TP +\fB!\fP \fB\-\-update\-counters\fP +If the \fB\-\-update\-counters\fP flag is negated, then the packet and +byte counters of the matching element in the set won't be updated. Default +the packet and byte counters are updated. +.TP +\fB!\fP \fB\-\-update\-subcounters\fP +If the \fB\-\-update\-subcounters\fP flag is negated, then the packet and +byte counters of the matching element in the member set of a list type of +set won't be updated. Default the packet and byte counters are updated. +.TP +[\fB!\fP] \fB\-\-packets\-eq\fP \fIvalue\fP +If the packet is matched an element in the set, match only if the +packet counter of the element matches the given value too. +.TP +\fB\-\-packets\-lt\fP \fIvalue\fP +If the packet is matched an element in the set, match only if the +packet counter of the element is less than the given value as well. +.TP +\fB\-\-packets\-gt\fP \fIvalue\fP +If the packet is matched an element in the set, match only if the +packet counter of the element is greater than the given value as well. +.TP +[\fB!\fP] \fB\-bytes\-eq\fP \fIvalue\fP +If the packet is matched an element in the set, match only if the +byte counter of the element matches the given value too. +.TP +\fB\-\-bytes\-lt\fP \fIvalue\fP +If the packet is matched an element in the set, match only if the +byte counter of the element is less than the given value as well. +.TP +\fB\-\-bytes\-gt\fP \fIvalue\fP +If the packet is matched an element in the set, match only if the +byte counter of the element is greater than the given value as well. +.PP +The packet and byte counters related options and flags are ignored +when the set was defined without counter support. .PP The option \fB\-\-match\-set\fP can be replaced by \fB\-\-set\fP if that does not clash with an option of other extensions. |