]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9f3cce6) | patch
src: add flow statement
authorPatrick McHardy <kaber@trash.net>
Wed, 27 Apr 2016 11:29:50 +0000 (12:29 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 13 May 2016 17:30:29 +0000 (19:30 +0200)
commit3ed5e31f4a323d7f054b6120d05134195dc681f0
tree5daa5afd681e9b3dbada6405659cd11cefc19554tree
parent9f3cce668b72c9ec9d9e0a6071d132a8f35d7b70commit | diff
src: add flow statement

The flow statement allows to instantiate per flow statements for user
defined flows. This can so far be used for per flow accounting or limiting,
similar to what the iptables hashlimit provides. Flows can be aged using
the timeout option.

Examples:

 # nft filter input flow ip saddr . tcp dport limit rate 10/second
 # nft filter input flow table acct iif . ip saddr timeout 60s counter

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 files changed:
include/expression.h diff | blob | blame | history
include/netlink.h diff | blob | blame | history
include/rule.h diff | blob | blame | history
include/statement.h diff | blob | blame | history
src/evaluate.c diff | blob | blame | history
src/expression.c diff | blob | blame | history
src/netlink.c diff | blob | blame | history
src/netlink_delinearize.c diff | blob | blame | history
src/netlink_linearize.c diff | blob | blame | history
src/parser_bison.y diff | blob | blame | history
src/scanner.l diff | blob | blame | history
src/statement.c diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables