netfilter: xtables: add nfacct match to support extended accounting
This patch adds the match that allows to perform extended accounting. It requires the new nfnetlink_acct infrastructure. # iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic # iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
parent
9413902796
commit
ceb98d03ea
5 changed files with 101 additions and 0 deletions
|
|
@ -23,6 +23,7 @@ header-y += xt_DSCP.h
|
|||
header-y += xt_IDLETIMER.h
|
||||
header-y += xt_LED.h
|
||||
header-y += xt_MARK.h
|
||||
header-y += xt_nfacct.h
|
||||
header-y += xt_NFLOG.h
|
||||
header-y += xt_NFQUEUE.h
|
||||
header-y += xt_RATEEST.h
|
||||
|
|
|
|||
13
include/linux/netfilter/xt_nfacct.h
Normal file
13
include/linux/netfilter/xt_nfacct.h
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
#ifndef _XT_NFACCT_MATCH_H
|
||||
#define _XT_NFACCT_MATCH_H
|
||||
|
||||
#include <linux/netfilter/nfnetlink_acct.h>
|
||||
|
||||
struct nf_acct;
|
||||
|
||||
struct xt_nfacct_match_info {
|
||||
char name[NFACCT_NAME_MAX];
|
||||
struct nf_acct *nfacct;
|
||||
};
|
||||
|
||||
#endif /* _XT_NFACCT_MATCH_H */
|
||||
Loading…
Add table
Add a link
Reference in a new issue