From: Liping Zhang <liping.zh...@spreadtrum.com>
For example:
# iptables-translate -A OUTPUT -m quota --quota 111
nft add rule ip filter OUTPUT quota 111 bytes counter
# iptables-translate -A OUTPUT -m quota ! --quota 111
nft add rule ip filter OUTPUT quota over 111 bytes counter
Signed-off-by: Liping Zhang <liping.zh...@spreadtrum.com>
---
extensions/libxt_quota.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index ff7dd2a..bad77d2 100644
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -50,6 +50,17 @@ static void quota_parse(struct xt_option_call *cb)
info->flags |= XT_QUOTA_INVERT;
}
+static int quota_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
+{
+ const struct xt_quota_info *q = (void *)params->match->data;
+
+ xt_xlate_add(xl, "quota %s%llu bytes",
+ q->flags & XT_QUOTA_INVERT ? "over " : "",
+ (unsigned long long) q->quota);
+ return 1;
+}
+
static struct xtables_match quota_match = {
.family = NFPROTO_UNSPEC,
.name = "quota",
@@ -61,6 +72,7 @@ static struct xtables_match quota_match = {
.save = quota_save,
.x6_parse = quota_parse,
.x6_options = quota_opts,
+ .xlate = quota_xlate,
};
void
--
2.5.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
