Re: Re: nft show counter

Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx> wrote:
> On 1 April 2021 20:14:14 CEST, Florian Westphal <fw@xxxxxxxxx> wrote:
> >map voipcounters {
> > type ipv4_addr . inet_service : counter
> > elements = { 10.0.1.1 . 5160 : "voip1", 10.2.1.1 . 5161 : ...
> >
> >and then count with one rule only:
> >
> >counter name ip saddr . udp dport map @voipcounters
> 
> Have seen maps, but have not understood them :(

It's just a set that returns a value instead of simple 'in set/not in
set'.

> The IP is always the same ($ipvoipbox), only the port differs (sip1+sip2), and this is bidirectional (saddr/daddr, sport/dport) to catch traffic from/to this IP separated by SIP streams.
> 
> Your example seems to match only source-addr and destination port.

Yes, it was an example.

> Maybe it's possible to match "addr" (saddr or daddr) and "port" (sport or dport), so I can have only 2 rules... with map maybe only 1

There is no 'or', so you will need two rules at a minimum if you want to
match in either direction.

map voipcounters {
	type inet_service : counter
	elements = { 5160 : "voip1", 5161 : "voip2" }
}

ip saddr $ipvoipbox counter name udp sport map @voipcounters
ip daddr $ipvoipbox counter name udp dport map @voipcounters

This says 'fetch name of counter to use from @voipcounters', with 'udp
sport/udp dport' as search key.

But with just two counters it's not worth it.
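
The two-rule approach from the reply above as a ruleset file that can be loaded with `nft -f`, given as an added example that is not part of the original mail. The table name voipacct, the chain name, the forward hook and the address 192.0.2.10 are assumptions; the counters voip1 and voip2 are declared here because the map's values are the names of counter objects in the same table.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original mail.
# Assumed values: table/chain names, forward hook, and the VoIP box address
# (192.0.2.10 is a documentation address, constructed for this example).

define ipvoipbox = 192.0.2.10

table inet voipacct {
	# Named counter objects. The map below refers to them by name,
	# so they have to exist before the map elements are added.
	counter voip1 {
		packets 0 bytes 0
	}
	counter voip2 {
		packets 0 bytes 0
	}

	# Object map: the key is a port, the value is the name of a counter.
	map voipcounters {
		type inet_service : counter
		elements = { 5160 : "voip1", 5161 : "voip2" }
	}

	chain forward {
		type filter hook forward priority 0; policy accept;

		# Traffic from the box: the UDP source port selects the counter.
		ip saddr $ipvoipbox counter name udp sport map @voipcounters

		# Traffic to the box: the UDP destination port selects the counter.
		ip daddr $ipvoipbox counter name udp dport map @voipcounters

		# Packets whose port is not a key in the map match neither rule
		# and are not counted; the chain policy still accepts them.
	}
}

# Read one SIP stream's totals (both directions land in the same counter):
#   nft list counter inet voipacct voip1
```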


