projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 371ebcb) | patch
netfilter: nf_tables: add connlimit support
authorPablo Neira Ayuso <pablo@netfilter.org>
Sat, 2 Jun 2018 19:38:51 +0000 (21:38 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 2 Jun 2018 23:18:29 +0000 (01:18 +0200)
commit290180e2448c02d6b391455937098882a73a9494
tree46a80a6504c141f693b7c59a3fc05b6fbbe12d45tree | snapshot
parent371ebcbb9ee62fb46a0a27f358941588f7048678commit | diff
netfilter: nf_tables: add connlimit support

This features which allows you to limit the maximum number of
connections per arbitrary key. The connlimit expression is stateful,
therefore it can be used from meters to dynamically populate a set, this
provides a mapping to the iptables' connlimit match. This patch also
comes that allows you define static connlimit policies.

This extension depends on the nf_conncount infrastructure.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/nf_tables.h diff | blob | history
net/netfilter/Kconfig diff | blob | history
net/netfilter/Makefile diff | blob | history
net/netfilter/nft_connlimit.c [new file with mode: 0644] blob
Domain: System / Kernel;