On 13/07/10 08:18, Changli Gao wrote:
> On Tue, Jul 13, 2010 at 8:11 AM, Samuel Ortiz <sameo@xxxxxxxxxxxxxxx> wrote:
>>
>> The userspace notification Xtables target sends a netlink notification
>> whenever a packet hits the target. Notifications have a label attribute
>> for userspace to match it against a previously set rule. The rules also
>> take a --all option to switch between sending a notification for all
>> packets or for the first one only.
>> Userspace can also send a netlink message to toggle this switch while the
>> target is in place. This target uses the netfilter netlink framework.
>>
>> This target combined with various matches (quota, rateest, etc.) allows
>> userspace to make decisions on interfaces handling. One could for example
>> decide to switch between power saving modes depending on estimated rate
>> thresholds.
>>
>
> It is much like the following iptables rules.
>
> iptables -N log_and_drop
> iptables -A log_and_drop -j NFLOG --nflog-group 1 --nflog-prefix "log_and_drop"
> iptables -A log_and_drop -j DROP
>
> ...
> iptables ... -m quota --quota-bytes 20000 -j log_and_drop
> ...

Indeed, this looks to me like something that you can do with NFLOG and some combination of matches.
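How a userspace listener could match the NFLOG prefix from the rules quoted above, as an added example that is not part of the original thread: it parses an nfnetlink_log packet message, bounds-checks every attribute, and compares the group and prefix. The sample message is constructed rather than captured, and `build_sample`, `parse_nflog` and `quota_rule_hit` are hypothetical helper names.

```python
import struct

NFNL_SUBSYS_ULOG = 4      # nfnetlink subsystem id used by NFLOG
NFULNL_MSG_PACKET = 0     # kernel-to-userspace "packet logged" message
NFULA_PAYLOAD = 9         # attribute: logged packet bytes
NFULA_PREFIX = 10         # attribute: NUL-terminated --nflog-prefix string
NLA_TYPE_MASK = 0x3FFF    # strip the nested / byte-order flag bits

def nla(attr_type, data):
    """Build one netlink attribute, padded to 4 bytes (used for the sample)."""
    length = 4 + len(data)
    return struct.pack("=HH", length, attr_type) + data + b"\0" * (-length % 4)

def build_sample(group, prefix, payload):
    """Constructed NFULNL_MSG_PACKET message; not captured from a real system."""
    body = struct.pack("!BBH", 2, 0, group)   # nfgenmsg: AF_INET, version 0, group
    body += nla(NFULA_PREFIX, prefix.encode() + b"\0") + nla(NFULA_PAYLOAD, payload)
    nlmsg_type = (NFNL_SUBSYS_ULOG << 8) | NFULNL_MSG_PACKET
    return struct.pack("=IHHII", 16 + len(body), nlmsg_type, 0, 0, 0) + body

def parse_nflog(msg):
    """Return (group, prefix, payload) or raise ValueError on malformed input."""
    if len(msg) < 20:
        raise ValueError("shorter than nlmsghdr + nfgenmsg")
    nlmsg_len, nlmsg_type, _flags, _seq, _pid = struct.unpack_from("=IHHII", msg, 0)
    if nlmsg_len < 20 or nlmsg_len > len(msg):
        raise ValueError("nlmsg_len outside buffer")
    if nlmsg_type != (NFNL_SUBSYS_ULOG << 8) | NFULNL_MSG_PACKET:
        raise ValueError("not an NFLOG packet message")
    _family, _version, group = struct.unpack_from("!BBH", msg, 16)
    prefix, payload, off = None, None, 20
    while off + 4 <= nlmsg_len:
        nla_len, nla_type = struct.unpack_from("=HH", msg, off)
        if nla_len < 4 or off + nla_len > nlmsg_len:
            raise ValueError("attribute length outside message")
        data = msg[off + 4:off + nla_len]
        if nla_type & NLA_TYPE_MASK == NFULA_PREFIX:
            prefix = data.split(b"\0", 1)[0].decode("ascii", "replace")
        elif nla_type & NLA_TYPE_MASK == NFULA_PAYLOAD:
            payload = data
        off += (nla_len + 3) & ~3            # attributes are 4-byte aligned
    return group, prefix, payload

def quota_rule_hit(msg, group=1, prefix="log_and_drop"):
    """True when the message came from the rule labelled with this prefix."""
    try:
        got_group, got_prefix, _ = parse_nflog(msg)
    except ValueError:
        return False
    return got_group == group and got_prefix == prefix
```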