diff options
author | Harald Welte <laforge@netfilter.org> | 2005-08-13 13:56:26 -0700 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 15:58:04 -0700 |
commit | 9d810fd2d28a9d672eca3136476af1a54a380bb2 (patch) | |
tree | 1eaa57851bbc1eeee094b92c539de8e7509aa297 /include | |
parent | 0ba2c6e8c0fb5cde5a23a213c2e7cb851b85c310 (diff) | |
download | linux-stable-9d810fd2d28a9d672eca3136476af1a54a380bb2.tar.gz linux-stable-9d810fd2d28a9d672eca3136476af1a54a380bb2.tar.bz2 linux-stable-9d810fd2d28a9d672eca3136476af1a54a380bb2.zip |
[NETFILTER]: Add new iptables "connbytes" match
This patch ads a new "connbytes" match that utilizes the CONFIG_NF_CT_ACCT
per-connection byte and packet counters. Using it you can do things like
packet classification on average packet size within a connection.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_connbytes.h | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_connbytes.h b/include/linux/netfilter_ipv4/ipt_connbytes.h new file mode 100644 index 000000000000..abaa65afd4e9 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_connbytes.h @@ -0,0 +1,25 @@ +#ifndef _IPT_CONNBYTES_H +#define _IPT_CONNBYTES_H + +enum ipt_connbytes_what { + IPT_CONNBYTES_WHAT_PKTS, + IPT_CONNBYTES_WHAT_BYTES, + IPT_CONNBYTES_WHAT_AVGPKT, +}; + +enum ipt_connbytes_direction { + IPT_CONNBYTES_DIR_ORIGINAL, + IPT_CONNBYTES_DIR_REPLY, + IPT_CONNBYTES_DIR_BOTH, +}; + +struct ipt_connbytes_info +{ + struct { + aligned_u64 from; /* count to be matched */ + aligned_u64 to; /* count to be matched */ + } count; + u_int8_t what; /* ipt_connbytes_what */ + u_int8_t direction; /* ipt_connbytes_direction */ +}; +#endif |