summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLiping Zhang <zlpnobody@163.com>2016-12-25 20:12:55 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-01-16 14:09:47 +0100
commite3ec9362f0edad08834cb8ba66bc45fdb0bf33f5 (patch)
tree383e1e10a0787e0cf10477cc493a8ea9a9ebb458 /src
parent5d6e721c8fe31e14ddedb1a642553d072ec99bd1 (diff)
ct: add average bytes per packet counter support
Similar to connbytes extension in iptables, now you can use it to match average bytes per packet a connection has transferred so far. For example, match avgpkt in "BOTH" diretion: # nft add rule x y ct avgpkt \> 100 Match avgpkt in reply direction: # nft add rule x y ct reply avgpkt \< 900 Or match avgpkt in original direction: # nft add rule x y ct original avgpkt \> 200 Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/ct.c2
-rw-r--r--src/parser_bison.y2
-rw-r--r--src/scanner.l1
3 files changed, 5 insertions, 0 deletions
diff --git a/src/ct.c b/src/ct.c
index d0792890..31c7a4b1 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -232,6 +232,8 @@ static const struct ct_template ct_templates[] = {
BYTEORDER_HOST_ENDIAN, 64),
[NFT_CT_PKTS] = CT_TEMPLATE("packets", &integer_type,
BYTEORDER_HOST_ENDIAN, 64),
+ [NFT_CT_AVGPKT] = CT_TEMPLATE("avgpkt", &integer_type,
+ BYTEORDER_HOST_ENDIAN, 64),
};
static void ct_expr_print(const struct expr *expr)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index be662e4d..4749c9fa 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -362,6 +362,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token NAME "name"
%token PACKETS "packets"
%token BYTES "bytes"
+%token AVGPKT "avgpkt"
%token COUNTERS "counters"
%token QUOTAS "quotas"
@@ -2945,6 +2946,7 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; }
ct_key_counters : BYTES { $$ = NFT_CT_BYTES; }
| PACKETS { $$ = NFT_CT_PKTS; }
+ | AVGPKT { $$ = NFT_CT_AVGPKT; }
;
ct_stmt : CT ct_key SET expr
diff --git a/src/scanner.l b/src/scanner.l
index 6b441b54..d0d25ea9 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -294,6 +294,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"name" { return NAME; }
"packets" { return PACKETS; }
"bytes" { return BYTES; }
+"avgpkt" { return AVGPKT; }
"counters" { return COUNTERS; }
"quotas" { return QUOTAS; }