author | Patrick McHardy <kaber@trash.net> | 2016-04-27 12:29:50 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-13 19:30:29 +0200 |
commit | 3ed5e31f4a323d7f054b6120d05134195dc681f0 (patch) | |
tree | 5daa5afd681e9b3dbada6405659cd11cefc19554 /include/statement.h | |
parent | 9f3cce668b72c9ec9d9e0a6071d132a8f35d7b70 (diff) |
src: add flow statement
The flow statement allows instantiating per-flow statements for user-defined
flows. So far this can be used for per-flow accounting or limiting, similar to
what the iptables hashlimit provides. Flows can be aged using the timeout
option.
Examples:
# nft filter input flow ip saddr . tcp dport limit rate 10/second
# nft filter input flow table acct iif . ip saddr timeout 60s counter
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/statement.h')
-rw-r--r-- | include/statement.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/statement.h b/include/statement.h
index a6a86f94..e9313ca7 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -138,12 +138,22 @@ struct set_stmt {
 extern struct stmt *set_stmt_alloc(const struct location *loc);
+struct flow_stmt {
+ struct expr *set;
+ struct expr *key;
+ struct stmt *stmt;
+ const char *table;
+};
+
+extern struct stmt *flow_stmt_alloc(const struct location *loc);
+
 /**
 * enum stmt_types - statement types
 *
 * @STMT_INVALID: uninitialised
 * @STMT_EXPRESSION: expression statement (relational)
 * @STMT_VERDICT: verdict statement
+ * @STMT_FLOW: flow statement
 * @STMT_COUNTER: counters
 * @STMT_PAYLOAD: payload statement
 * @STMT_META: meta statement
@@ -163,6 +173,7 @@ enum stmt_types {
 STMT_INVALID,
 STMT_EXPRESSION,
 STMT_VERDICT,
+ STMT_FLOW,
 STMT_COUNTER,
 STMT_PAYLOAD,
 STMT_META,
@@ -217,6 +228,7 @@ struct stmt {
 union {
 struct expr *expr;
+ struct flow_stmt flow;
 struct counter_stmt counter;
 struct payload_stmt payload;
 struct meta_stmt meta; |
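Review bot: `struct flow_stmt` in the first hunk is added without a kernel-doc comment, although the enum directly below it is documented that way, and nothing states who owns `stmt` and `table`. `stmt` points to a nested statement and `table` is a `const char *`, so the release path for a flow statement must know whether to free the inner statement and whether the name string is borrowed or allocated; a mismatch there shows up as a leak, a double free or a use after free. I would add a kernel-doc block above the struct that names the four members and says, for `stmt` and `table`, whether the flow statement owns them and whether `table` may be NULL (the first example in the commit message names no table, so it presumably can be). The allocation and destroy code is outside this header, so the actual ownership has to be confirmed against it.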