summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-08-17 23:46:06 (GMT)
committerPablo Neira Ayuso <pablo@netfilter.org>2016-08-22 09:42:18 (GMT)
commit3d2f30a1df907e3ef4175121f0d21456630a72aa (patch)
tree2b6b9df712759bfc4894fa679109a2d5d01a0629 /scripts
parent2567c4eae1f31492b0f547409e035b9b0501326f (diff)
downloadlinux-3d2f30a1df907e3ef4175121f0d21456630a72aa.tar.xz
netfilter: nf_tables: add quota expression
This patch adds the quota expression. This new stateful expression integrate easily into the dynset expression to build 'hashquota' flow tables. Arguably, we could use instead "counter bytes > 1000" instead, but this approach has several problems: 1) We only support for one single stateful expression in dynamic set definitions, and the expression above is a composite of two expressions: get counter + comparison. 2) We would need to restore the packed counter representation (that we used to have) based on seqlock to synchronize this, since per-cpu is not suitable for this. So instead of bloating the counter expression back with the seqlock representation and extending the existing set infrastructure to make it more complex for the composite described above, let's follow the more simple approach of adding a quota expression that we can plug into our existing infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions