From e3ec9362f0edad08834cb8ba66bc45fdb0bf33f5 Mon Sep 17 00:00:00 2001 From: Liping Zhang Date: Sun, 25 Dec 2016 20:12:55 +0800 Subject: ct: add average bytes per packet counter support Similar to connbytes extension in iptables, now you can use it to match average bytes per packet a connection has transferred so far. For example, match avgpkt in "BOTH" diretion: # nft add rule x y ct avgpkt \> 100 Match avgpkt in reply direction: # nft add rule x y ct reply avgpkt \< 900 Or match avgpkt in original direction: # nft add rule x y ct original avgpkt \> 200 Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso
---
src/ct.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/ct.c')
diff --git a/src/ct.c b/src/ct.c
index d0792890..31c7a4b1 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -232,6 +232,8 @@ static const struct ct_template ct_templates[] = {
 BYTEORDER_HOST_ENDIAN, 64),
 [NFT_CT_PKTS] = CT_TEMPLATE("packets", &integer_type,
 BYTEORDER_HOST_ENDIAN, 64),
+ [NFT_CT_AVGPKT] = CT_TEMPLATE("avgpkt", &integer_type,
+ BYTEORDER_HOST_ENDIAN, 64),
 };

 static void ct_expr_print(const struct expr *expr)
-- cgit v1.2.3
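Review bot: The new `[NFT_CT_AVGPKT]` entry in `ct_templates[]` carries no comment on what its 64-bit value means, and the token "avgpkt" alone does not tell a rule author that it is a byte average rather than a packet count. I would add `/* average bytes per packet the connection has transferred so far */` above the entry. Presumably, like `bytes` and `packets`, the value depends on conntrack accounting being enabled; if so, the documentation should say what a rule such as `ct reply avgpkt \< 900` compares against when no counters exist, because a firewall match that silently evaluates against zero is easy to overlook in a ruleset review. The table definition starts before this hunk and only src/ct.c is shown, so the definition of `NFT_CT_AVGPKT` and the parser side cannot be checked from here.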