authorPatrick McHardy <kaber@trash.net>2007-12-04 07:02:19 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:56:03 -0500
commit50c164a81f1c0dfad056f99e5685537fdd0f07dd (patch)
tree8f1383e3bdff0de1969dc280faf11b3e4bf01ef8 /include/linux
parent5859034d7eb8793d3d78d3af515c4175e7b9d03a (diff)
[NETFILTER]: x_tables: add rateest match
Add rate estimator match. The rate estimator match can match on estimated rates by the RATEEST target. It supports matching on absolute bps/pps values, comparing two rate estimators and matching on the difference between two rate estimators. This is what I use to route outgoing data connections from a FTP server over two lines based on the available bandwidth: # estimate outgoing rates iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 \ --rateest-interval 250ms \ --rateest-ewma 0.5s iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 \ --rateest-interval 250ms \ --rateest-ewma 0.5s # mark based on available bandwidth iptables -t mangle -A BALANCE -m state --state NEW \ -m helper --helper ftp \ -m rateest --rateest-delta \ --rateest1 eth0 \ --rateest-bps1 2.5mbit \ --rateest-gt \ --rateest2 ppp0 \ --rateest-bps2 2mbit \ -j CONNMARK --set-mark 0x1 iptables -t mangle -A BALANCE -m state --state NEW \ -m helper --helper ftp \ -m rateest --rateest-delta \ --rateest1 ppp0 \ --rateest-bps1 2mbit \ --rateest-gt \ --rateest2 eth0 \ --rateest-bps2 2.5mbit \ -j CONNMARK --set-mark 0x2 iptables -t mangle -A BALANCE -j CONNMARK --restore-mark Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter/Kbuild1
-rw-r--r--include/linux/netfilter/xt_rateest.h33
2 files changed, 34 insertions, 0 deletions
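diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index 707a15854430..ac9e6429f747 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -30,6 +30,7 @@ header-y += xt_multiport.h
 header-y += xt_owner.h
 header-y += xt_pkttype.h
 header-y += xt_policy.h
+header-y += xt_rateest.h
 header-y += xt_realm.h
 header-y += xt_sctp.h
 header-y += xt_state.h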
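diff --git a/include/linux/netfilter/xt_rateest.h b/include/linux/netfilter/xt_rateest.h
new file mode 100644
index 000000000000..51948e15aea2
--- /dev/null
+++ b/include/linux/netfilter/xt_rateest.h
@@ -0,0 +1,33 @@
+#ifndef _XT_RATEEST_MATCH_H
+#define _XT_RATEEST_MATCH_H
+
+enum xt_rateest_match_flags {
+ XT_RATEEST_MATCH_INVERT = 1<<0,
+ XT_RATEEST_MATCH_ABS = 1<<1,
+ XT_RATEEST_MATCH_REL = 1<<2,
+ XT_RATEEST_MATCH_DELTA = 1<<3,
+ XT_RATEEST_MATCH_BPS = 1<<4,
+ XT_RATEEST_MATCH_PPS = 1<<5,
+};
+
+enum xt_rateest_match_mode {
+ XT_RATEEST_MATCH_NONE,
+ XT_RATEEST_MATCH_EQ,
+ XT_RATEEST_MATCH_LT,
+ XT_RATEEST_MATCH_GT,
+};
+
+struct xt_rateest_match_info {
+ char name1[IFNAMSIZ];
+ char name2[IFNAMSIZ];
+ u_int16_t flags;
+ u_int16_t mode;
+ u_int32_t bps1;
+ u_int32_t pps1;
+ u_int32_t bps2;
+ u_int32_t pps2;
+ struct xt_rateest *est1 __attribute__((aligned(8)));
+ struct xt_rateest *est2 __attribute__((aligned(8)));
+};
+
+#endif /* _XT_RATEEST_MATCH_H */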
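Review bot: `struct xt_rateest_match_info` is exported to userspace through `header-y`, but the header does not say which fields userspace fills in and which belong to the kernel. `name1`/`name2` are fixed `IFNAMSIZ` buffers with no stated NUL-termination requirement, and `est1`/`est2` are kernel pointers stored in the same rule blob. I would add `/* estimator names; must be NUL-terminated */` above `name1` and `/* Used internally by the kernel */` above `est1`. The match code that consumes this struct is outside this diff (it is limited to include/linux), so it is worth confirming there that an unterminated name is rejected before lookup and that the pointer values are not exposed when rules are read back. Separately, the header uses `IFNAMSIZ` and `u_int16_t` without including anything, so it depends on include order; `#include <linux/if.h>` at the top would remove that dependency for `IFNAMSIZ`.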