diff options
author | Patrick McHardy <kaber@trash.net> | 2016-04-27 12:29:50 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-13 19:30:29 +0200 |
commit | 3ed5e31f4a323d7f054b6120d05134195dc681f0 (patch) | |
tree | 5daa5afd681e9b3dbada6405659cd11cefc19554 /include/netlink.h | |
parent | 9f3cce668b72c9ec9d9e0a6071d132a8f35d7b70 (diff) |
src: add flow statement
The flow statement allows to instantiate per flow statements for user
defined flows. This can so far be used for per flow accounting or limiting,
similar to what the iptables hashlimit provides. Flows can be aged using
the timeout option.
Examples:
# nft filter input flow ip saddr . tcp dport limit rate 10/second
# nft filter input flow table acct iif . ip saddr timeout 60s counter
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/netlink.h')
-rw-r--r-- | include/netlink.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/netlink.h b/include/netlink.h index 9ec5409b..9f465601 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -142,6 +142,9 @@ extern int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h, extern int netlink_get_set(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); +extern struct stmt *netlink_parse_set_expr(const struct set *set, + const struct nftnl_expr *nle); + extern int netlink_add_setelems(struct netlink_ctx *ctx, const struct handle *h, const struct expr *expr); extern int netlink_delete_setelems(struct netlink_ctx *ctx, const struct handle *h, |