diff options
| author | Harald Welte | 2005-08-13 22:56:26 +0200 |
|---|---|---|
| committer | David S. Miller | 2005-08-30 00:58:04 +0200 |
| commit | 9d810fd2d28a9d672eca3136476af1a54a380bb2 (patch) | |
| tree | 1eaa57851bbc1eeee094b92c539de8e7509aa297 /include | |
| parent | [NETFILTER]: introduce and use aligned_u64 data type (diff) | |
| download | kernel-qcow2-linux-9d810fd2d28a9d672eca3136476af1a54a380bb2.tar.gz kernel-qcow2-linux-9d810fd2d28a9d672eca3136476af1a54a380bb2.tar.xz kernel-qcow2-linux-9d810fd2d28a9d672eca3136476af1a54a380bb2.zip | |
[NETFILTER]: Add new iptables "connbytes" match
This patch ads a new "connbytes" match that utilizes the CONFIG_NF_CT_ACCT
per-connection byte and packet counters. Using it you can do things like
packet classification on average packet size within a connection.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter_ipv4/ipt_connbytes.h | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_connbytes.h b/include/linux/netfilter_ipv4/ipt_connbytes.h new file mode 100644 index 000000000000..abaa65afd4e9 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_connbytes.h @@ -0,0 +1,25 @@ +#ifndef _IPT_CONNBYTES_H +#define _IPT_CONNBYTES_H + +enum ipt_connbytes_what { + IPT_CONNBYTES_WHAT_PKTS, + IPT_CONNBYTES_WHAT_BYTES, + IPT_CONNBYTES_WHAT_AVGPKT, +}; + +enum ipt_connbytes_direction { + IPT_CONNBYTES_DIR_ORIGINAL, + IPT_CONNBYTES_DIR_REPLY, + IPT_CONNBYTES_DIR_BOTH, +}; + +struct ipt_connbytes_info +{ + struct { + aligned_u64 from; /* count to be matched */ + aligned_u64 to; /* count to be matched */ + } count; + u_int8_t what; /* ipt_connbytes_what */ + u_int8_t direction; /* ipt_connbytes_direction */ +}; +#endif |