diff options
| author | Harald Welte <laforge@netfilter.org> | 2005-08-13 16:56:26 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 18:58:04 -0400 |
| commit | 9d810fd2d28a9d672eca3136476af1a54a380bb2 (patch) | |
| tree | 1eaa57851bbc1eeee094b92c539de8e7509aa297 /include | |
| parent | 0ba2c6e8c0fb5cde5a23a213c2e7cb851b85c310 (diff) | |
[NETFILTER]: Add new iptables "connbytes" match
This patch ads a new "connbytes" match that utilizes the CONFIG_NF_CT_ACCT
per-connection byte and packet counters. Using it you can do things like
packet classification on average packet size within a connection.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter_ipv4/ipt_connbytes.h | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_connbytes.h b/include/linux/netfilter_ipv4/ipt_connbytes.h new file mode 100644 index 000000000000..abaa65afd4e9 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_connbytes.h | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | #ifndef _IPT_CONNBYTES_H | ||
| 2 | #define _IPT_CONNBYTES_H | ||
| 3 | |||
| 4 | enum ipt_connbytes_what { | ||
| 5 | IPT_CONNBYTES_WHAT_PKTS, | ||
| 6 | IPT_CONNBYTES_WHAT_BYTES, | ||
| 7 | IPT_CONNBYTES_WHAT_AVGPKT, | ||
| 8 | }; | ||
| 9 | |||
| 10 | enum ipt_connbytes_direction { | ||
| 11 | IPT_CONNBYTES_DIR_ORIGINAL, | ||
| 12 | IPT_CONNBYTES_DIR_REPLY, | ||
| 13 | IPT_CONNBYTES_DIR_BOTH, | ||
| 14 | }; | ||
| 15 | |||
| 16 | struct ipt_connbytes_info | ||
| 17 | { | ||
| 18 | struct { | ||
| 19 | aligned_u64 from; /* count to be matched */ | ||
| 20 | aligned_u64 to; /* count to be matched */ | ||
| 21 | } count; | ||
| 22 | u_int8_t what; /* ipt_connbytes_what */ | ||
| 23 | u_int8_t direction; /* ipt_connbytes_direction */ | ||
| 24 | }; | ||
| 25 | #endif | ||