summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-08-18 01:46:06 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-08-22 11:42:18 +0200
commit3d2f30a1df907e3ef4175121f0d21456630a72aa (patch)
tree2b6b9df712759bfc4894fa679109a2d5d01a0629 /Documentation
parent2567c4eae1f31492b0f547409e035b9b0501326f (diff)
netfilter: nf_tables: add quota expression
This patch adds the quota expression. This new stateful expression integrate easily into the dynset expression to build 'hashquota' flow tables. Arguably, we could use instead "counter bytes > 1000" instead, but this approach has several problems: 1) We only support for one single stateful expression in dynamic set definitions, and the expression above is a composite of two expressions: get counter + comparison. 2) We would need to restore the packed counter representation (that we used to have) based on seqlock to synchronize this, since per-cpu is not suitable for this. So instead of bloating the counter expression back with the seqlock representation and extending the existing set infrastructure to make it more complex for the composite described above, let's follow the more simple approach of adding a quota expression that we can plug into our existing infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions