git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 9 Dec 2015 21:55:30 +0000 (22:55 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 14 Jan 2016 17:54:39 +0000 (18:54 +0100)
commit	3f5ef7d63f9ef70855dedd9b5aa7eba2f63a1ec7
tree	f4defb46c5fd28345ebb21c0c3828e1eb0cd23b4	tree \| snapshot
parent	510e800e72e177a9070129b63fa232f065f54c02	commit \| diff

src: support limit rate over value

So far it was only possible to match packet under a rate limit, this
patch allows you to explicitly indicate if you want to match packets
that goes over or until the rate limit, eg.

... limit rate over 3/second counter log prefix "OVERLIMIT: " drop
... limit rate over 3 mbytes/second counter log prefix "OVERLIMIT: " drop
... ct state invalid limit rate until 1/second counter log prefix "INVALID: "

When listing rate limit until, this shows:

... ct state invalid limit rate 1/second counter log prefix "INVALID: "

thus, the existing syntax is still valid (i.e. default to rate limit until).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/netfilter/nf_tables.h		diff \| blob \| blame \| history
include/statement.h		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
src/statement.c		diff \| blob \| blame \| history
tests/py/any/limit.t		diff \| blob \| blame \| history
tests/py/any/limit.t.payload		diff \| blob \| blame \| history