summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorHarald Welte <laforge@netfilter.org>2005-08-13 13:56:26 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2005-08-29 15:58:04 -0700
commit9d810fd2d28a9d672eca3136476af1a54a380bb2 (patch)
tree1eaa57851bbc1eeee094b92c539de8e7509aa297 /include
parent0ba2c6e8c0fb5cde5a23a213c2e7cb851b85c310 (diff)
downloadlinux-stable-9d810fd2d28a9d672eca3136476af1a54a380bb2.tar.gz
linux-stable-9d810fd2d28a9d672eca3136476af1a54a380bb2.tar.bz2
linux-stable-9d810fd2d28a9d672eca3136476af1a54a380bb2.zip
[NETFILTER]: Add new iptables "connbytes" match
This patch ads a new "connbytes" match that utilizes the CONFIG_NF_CT_ACCT per-connection byte and packet counters. Using it you can do things like packet classification on average packet size within a connection. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter_ipv4/ipt_connbytes.h25
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_connbytes.h b/include/linux/netfilter_ipv4/ipt_connbytes.h
new file mode 100644
index 000000000000..abaa65afd4e9
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_connbytes.h
@@ -0,0 +1,25 @@
+#ifndef _IPT_CONNBYTES_H
+#define _IPT_CONNBYTES_H
+
+enum ipt_connbytes_what {
+ IPT_CONNBYTES_WHAT_PKTS,
+ IPT_CONNBYTES_WHAT_BYTES,
+ IPT_CONNBYTES_WHAT_AVGPKT,
+};
+
+enum ipt_connbytes_direction {
+ IPT_CONNBYTES_DIR_ORIGINAL,
+ IPT_CONNBYTES_DIR_REPLY,
+ IPT_CONNBYTES_DIR_BOTH,
+};
+
+struct ipt_connbytes_info
+{
+ struct {
+ aligned_u64 from; /* count to be matched */
+ aligned_u64 to; /* count to be matched */
+ } count;
+ u_int8_t what; /* ipt_connbytes_what */
+ u_int8_t direction; /* ipt_connbytes_direction */
+};
+#endif