Match by how many bytes or packets a connection (or one of the two
flows constituting the connection) has transferred so far, or by
average bytes per packet.
.PP
The counters are 64-bit and are thus not expected to overflow ;)
.PP
The primary use is to detect long-lived downloads and mark them to be
scheduled using a lower priority band in traffic control.
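The following is an added example and is not part of the iptables man page or the netfilter project's own code. It shows the rule set this use case implies on a router: a mangle rule that marks packets of client-originated downloads once the server-to-client (reply) byte count reaches a threshold, and a four-band prio qdisc whose unused fourth band receives the marked traffic. The interface name eth1, the 1 MiB threshold, the mark value 3 and the function name are assumptions; every command goes through $RUN, which defaults to echo so the script only prints what it would do until run as root with RUN set to an empty string.

```shell
#!/bin/sh
# Added example (not from the iptables man page): deprioritise long downloads
# with connbytes + MARK + a prio qdisc.
# Assumed topology: this box routes for a LAN behind "$lan"; downloads are
# connections the LAN clients originated, so the bulk data arrives in the
# *reply* direction and leaves this box via "$lan".
# Every command runs through "$RUN", which defaults to "echo" (dry run);
# run as root with RUN= (empty) to apply. Interface name, threshold and mark
# value are illustrative assumptions.

RUN=${RUN-echo}

deprioritise_long_downloads() {
    lan=$1            # interface facing the clients, e.g. eth1
    threshold=$2      # reply-direction bytes after which a flow is demoted
    mark=3            # fwmark that selects the low-priority band

    # connbytes needs per-flow counters. Only flows created after this flag
    # is set get them; flows that already exist never match until they expire.
    $RUN sysctl -w net.netfilter.nf_conntrack_acct=1

    # Mark every packet sent toward the client once the server->client byte
    # count reaches the threshold. "--connbytes N" with TO omitted means
    # "N or more".
    $RUN iptables -t mangle -A POSTROUTING -o "$lan" -p tcp \
        -m connbytes --connbytes "$threshold" --connbytes-dir reply --connbytes-mode bytes \
        -j MARK --set-mark "$mark"

    # Four-band prio qdisc. The default priomap only uses bands 0-2, so band 3
    # (class 1:4) is reached solely through the fw filter below and is served
    # only when the higher bands are empty.
    $RUN tc qdisc add dev "$lan" root handle 1: prio bands 4 \
        priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
    $RUN tc filter add dev "$lan" parent 1: protocol ip prio 1 \
        handle "$mark" fw classid 1:4
}

deprioritise_long_downloads eth1 1048576
```

Because the reply counter only grows, a flow that crosses the threshold stays in the low band for the rest of its life; that is the intended behaviour for bulk downloads, but it also means a long-lived interactive session that happens to move a lot of data will be demoted too.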
.PP
The transferred bytes per connection can also be viewed through
`conntrack \-L` and accessed via ctnetlink.
.PP
NOTE that for connections which have no accounting information, the match will
always return false. The "net.netfilter.nf_conntrack_acct" sysctl flag controls
whether \fBnew\fP connections will be byte/packet counted. Existing connection
flows will not gain or lose their accounting structure when the sysctl flag
is flipped.
.TP
[\fB!\fP] \fB\-\-connbytes\fP \fIfrom\fP[\fB:\fP\fIto\fP]
match packets from a connection whose packet count, byte count or average
packet size is at least FROM and at most TO bytes/packets (both bounds are
inclusive). If TO is omitted, only the FROM check is done. "!" matches
packets whose value falls outside the range.
.TP
\fB\-\-connbytes\-dir\fP {\fBoriginal\fP|\fBreply\fP|\fBboth\fP}
which direction's counters to consider: packets sent by the originator of the
connection (original), packets sent back to it (reply), or the sum of both.
.TP
\fB\-\-connbytes\-mode\fP {\fBpackets\fP|\fBbytes\fP|\fBavgpkt\fP}
whether to check the amount of packets, number of bytes transferred or
the average size (in bytes) of all packets seen so far in the selected direction(s). Note that
when "both" is used together with "avgpkt", and data is going (mainly)
only in one direction (for example HTTP), the average packet size will
be about half the size of the actual data packets, because the small
acknowledgement packets flowing the other way are averaged in.
.TP
Example:
iptables .. \-m connbytes \-\-connbytes 10000:100000 \-\-connbytes\-dir both \-\-connbytes\-mode bytes ...
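The following is an added example and is not part of the iptables man page or the netfilter project's own code. It is a POSIX shell function that re-implements the connbytes range test over lines of `conntrack -L` output, so that the direction and mode options, the inclusive bounds, the "!" inversion and the rule that connections without accounting information never match can be exercised offline. The three sample conntrack lines are constructed, not captured from a host, and the function names connbytes_match and select_flows are assumptions.

```shell
#!/bin/sh
# Added example, not part of the iptables man page: re-implement the connbytes
# range test over "conntrack -L" output so its semantics can be checked offline.
# The three CT_* lines below are constructed samples, not captured from a host.

# HTTP download originated by 10.0.0.5: 120 pkts/9600 B out, 240 pkts/345600 B back.
CT_DOWNLOAD='tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=51234 dport=80 packets=120 bytes=9600 src=192.0.2.10 dst=10.0.0.5 sport=80 dport=51234 packets=240 bytes=345600 [ASSURED] mark=0 use=1'
# One DNS query and its answer.
CT_DNS='udp      17 28 src=10.0.0.5 dst=192.0.2.53 sport=40000 dport=53 packets=1 bytes=68 src=192.0.2.53 dst=10.0.0.5 sport=53 dport=40000 packets=1 bytes=130 mark=0 use=1'
# Flow created while nf_conntrack_acct=0: no packets=/bytes= fields at all.
CT_NOACCT='tcp      6 299 ESTABLISHED src=10.0.0.5 dst=192.0.2.20 sport=51235 dport=443 src=192.0.2.20 dst=10.0.0.5 sport=443 dport=51235 [ASSURED] mark=0 use=1'

# connbytes_match LINE FROM TO DIR MODE [INVERT]
#   LINE   one "conntrack -L" entry
#   FROM   lower bound; TO upper bound, 0 meaning "omitted" (no upper check)
#   DIR    original | reply | both        (which counters to read)
#   MODE   packets | bytes | avgpkt       (what to compare)
#   INVERT any non-empty string acts like the "!" in front of --connbytes
# Exit status 0 = the rule would match, 1 = it would not.
connbytes_match() {
    line=$1 from=$2 to=$3 dir=$4 mode=$5 invert=${6:-}
    rc=0
    printf '%s\n' "$line" | awk -v from="$from" -v to="$to" -v dir="$dir" -v mode="$mode" '
    {
        # Counters appear in order: the first packets=/bytes= pair belongs to
        # the original direction, the second pair to the reply direction.
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^packets=/) { n++; pk[n] = substr($i, 9) + 0 }
            else if ($i ~ /^bytes=/) { by[n] = substr($i, 7) + 0 }
        }
        if (n < 2) exit 2          # no accounting structure: never matches

        if (dir == "original")   { p = pk[1]; b = by[1] }
        else if (dir == "reply") { p = pk[2]; b = by[2] }
        else                     { p = pk[1] + pk[2]; b = by[1] + by[2] }

        if (mode == "packets")    what = p
        else if (mode == "bytes") what = b
        else                      what = (p == 0) ? 0 : int(b / p)   # avgpkt: integer division

        # Both bounds are inclusive; TO omitted means only the lower bound applies.
        if (to == 0) ok = (what >= from)
        else         ok = (what >= from && what <= to)
        exit (ok ? 0 : 1)
    }' || rc=$?
    case $rc in
        2) return 1 ;;                 # missing counters stay false even under "!"
        0) [ -z "$invert" ] ;;         # inside the range
        *) [ -n "$invert" ] ;;         # outside the range
    esac
}

# Print the flows a given rule would match, e.g. downloads over 100000 bytes.
select_flows() {
    from=$1 to=$2 dir=$3 mode=$4
    while IFS= read -r ct; do
        connbytes_match "$ct" "$from" "$to" "$dir" "$mode" && printf '%s\n' "$ct"
    done
    return 0
}

printf '%s\n' "$CT_DOWNLOAD" "$CT_DNS" "$CT_NOACCT" | select_flows 100000 0 both bytes
```

The avgpkt halving described above falls out of the sample: the download averages 1440 bytes per packet in the reply direction but only 986 when both directions are combined, so a rule with `--connbytes-dir both --connbytes-mode avgpkt --connbytes 1400` misses it while the same rule with `--connbytes-dir reply` matches.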