diff options
author | Liping Zhang <zlpnobody@163.com> | 2016-12-25 20:12:55 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-16 14:09:47 +0100 |
commit | e3ec9362f0edad08834cb8ba66bc45fdb0bf33f5 (patch) | |
tree | 383e1e10a0787e0cf10477cc493a8ea9a9ebb458 /tests/py/any/ct.t.payload | |
parent | 5d6e721c8fe31e14ddedb1a642553d072ec99bd1 (diff) |
ct: add average bytes per packet counter support
Similar to connbytes extension in iptables, now you can use it to match
average bytes per packet a connection has transferred so far.
For example, match avgpkt in "BOTH" diretion:
# nft add rule x y ct avgpkt \> 100
Match avgpkt in reply direction:
# nft add rule x y ct reply avgpkt \< 900
Or match avgpkt in original direction:
# nft add rule x y ct original avgpkt \> 200
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/any/ct.t.payload')
-rw-r--r-- | tests/py/any/ct.t.payload | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload index 90fce9ff..3370bcac 100644 --- a/tests/py/any/ct.t.payload +++ b/tests/py/any/ct.t.payload @@ -361,6 +361,18 @@ ip test-ip4 output [ byteorder reg 1 = hton(reg 1, 8, 8) ] [ cmp gt reg 1 0x00000000 0xa0860100 ] +# ct avgpkt \> 200 +ip test-ip4 output + [ ct load avgpkt => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp gt reg 1 0x00000000 0xc8000000 ] + +# ct original avgpkt \< 500 +ip test-ip4 output + [ ct load avgpkt => reg 1 , dir original ] + [ byteorder reg 1 = hton(reg 1, 8, 8) ] + [ cmp lt reg 1 0x00000000 0xf4010000 ] + # ct status expected,seen-reply,assured,confirmed,snat,dnat,dying ip test-ip4 output [ ct load status => reg 1 ] |