git.ipfire.org Git - thirdparty/nftables.git/commit

author	Liping Zhang <zlpnobody@163.com>
	Sun, 25 Dec 2016 12:12:55 +0000 (20:12 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 16 Jan 2017 13:09:47 +0000 (14:09 +0100)
commit	e3ec9362f0edad08834cb8ba66bc45fdb0bf33f5
tree	383e1e10a0787e0cf10477cc493a8ea9a9ebb458	tree
parent	5d6e721c8fe31e14ddedb1a642553d072ec99bd1	commit \| diff

ct: add average bytes per packet counter support

Similar to connbytes extension in iptables, now you can use it to match
average bytes per packet a connection has transferred so far.

For example, match avgpkt in "BOTH" diretion:
  # nft add rule x y ct avgpkt \> 100

Match avgpkt in reply direction:
  # nft add rule x y ct reply avgpkt \< 900

Or match avgpkt in original direction:
  # nft add rule x y ct original avgpkt \> 200

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

doc/nft.xml		diff \| blob \| blame \| history
include/linux/netfilter/nf_tables.h		diff \| blob \| blame \| history
src/ct.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
tests/py/any/ct.t		diff \| blob \| blame \| history
tests/py/any/ct.t.payload		diff \| blob \| blame \| history