From 3f5ef7d63f9ef70855dedd9b5aa7eba2f63a1ec7 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 9 Dec 2015 22:55:30 +0100 Subject: src: support limit rate over value So far it was only possible to match packet under a rate limit, this patch allows you to explicitly indicate if you want to match packets that goes over or until the rate limit, eg. ... limit rate over 3/second counter log prefix "OVERLIMIT: " drop ... limit rate over 3 mbytes/second counter log prefix "OVERLIMIT: " drop ... ct state invalid limit rate until 1/second counter log prefix "INVALID: " When listing rate limit until, this shows: ... ct state invalid limit rate 1/second counter log prefix "INVALID: " thus, the existing syntax is still valid (i.e. default to rate limit until). Signed-off-by: Pablo Neira Ayuso
---
include/statement.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include/statement.h')
diff --git a/include/statement.h b/include/statement.h
index 53620aec..6be3a240 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -61,6 +61,7 @@ struct limit_stmt {
 uint64_t unit;
 enum nft_limit_type type;
 uint32_t burst;
+ uint32_t flags;
 };

 extern struct stmt *limit_stmt_alloc(const struct location *loc);
-- cgit v1.2.3
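Review bot: The new `flags` member of `struct limit_stmt` has no comment saying which bits it holds or what zero means, and a field that switches a limit match between "until" and "over" should have that written next to the declaration. I would add something like `uint32_t flags; /* NFT_LIMIT_F_* bits; 0 = match until the rate (default) */`, assuming the kernel's NFT_LIMIT_F_INV is the bit stored here, which this header-only view does not show. The default matters because a stale or unset value would silently invert what a ruleset line drops or logs. It is worth confirming that `limit_stmt_alloc()` returns a zeroed statement and that the parser assigns the field on every path, as neither is visible in this hunk. The struct opens above the hunk, so the existing members' comment style cannot be checked from here.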