]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b139f73) | patch
src: add support for stateful object maps
authorPablo Neira Ayuso <pablo@netfilter.org>
Sun, 27 Nov 2016 23:03:50 +0000 (00:03 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 3 Jan 2017 13:21:53 +0000 (14:21 +0100)
commitdeaf962ebd7c6b9d8a161d9378a710031e4f1dd6
tree8e885dfedb3eefafa29bd46edc1ebe09f5f8c41ctree
parentb139f738f558d6afb8c8f3e73526f578b059abd6commit | diff
src: add support for stateful object maps

You can create these maps using explicit map declarations:

 # nft add table filter
 # nft add chain filter input { type filter hook input priority 0\; }
 # nft add map filter badguys { type ipv4_addr : counter \; }
 # nft add rule filter input counter name ip saddr map @badguys
 # nft add counter filter badguy1
 # nft add counter filter badguy2
 # nft add element filter badguys { 192.168.2.3 : "badguy1" }
 # nft add element filter badguys { 192.168.2.4 : "badguy2" }

Or through implicit map definitions:

 table ip filter {
        counter http-traffic {
                packets 8 bytes 672
        }

        chain input {
                type filter hook input priority 0; policy accept;
                counter name tcp dport map { 80 : "http-traffic", 443 : "http-traffic"}
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/rule.h diff | blob | blame | history
src/evaluate.c diff | blob | blame | history
src/netlink.c diff | blob | blame | history
src/netlink_delinearize.c diff | blob | blame | history
src/netlink_linearize.c diff | blob | blame | history
src/parser_bison.y diff | blob | blame | history
src/rule.c diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables