[iptables] manpages: add missing rateest match documentation

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Fri Aug 15 22:14:05 CEST 2008


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=a47bb4a9fa24db2f3ba6559c9175f3f1144ee74c
commit a47bb4a9fa24db2f3ba6559c9175f3f1144ee74c
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Aug 15 22:13:57 2008 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Aug 15 22:13:57 2008 +0200

    manpages: add missing rateest match documentation
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  a47bb4a9fa24db2f3ba6559c9175f3f1144ee74c (commit)
      from  7d0917b8f94ffc9dd236799cff86e80daf5dd340 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a47bb4a9fa24db2f3ba6559c9175f3f1144ee74c
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Fri Aug 15 22:13:57 2008 +0200

    manpages: add missing rateest match documentation
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 extensions/libxt_rateest.man |   55 ++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 55 insertions(+), 0 deletions(-)
 create mode 100644 extensions/libxt_rateest.man
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/extensions/libxt_rateest.man b/extensions/libxt_rateest.man
new file mode 100644
index 0000000..6d32d51
--- /dev/null
+++ b/extensions/libxt_rateest.man
@@ -0,0 +1,55 @@
+The rate estimator can match on estimated rates as collected by the RATEEST
+target. It supports matching on absolute bps/pps values, comparing two rate
+estimators and matching on the difference between two rate estimators.
+.TP
+\fB--rateest1\fP \fIname\fP
+Name of the first rate estimator.
+.TP
+\fB--rateest2\fP \fIname\fP
+Name of the second rate estimator (if difference is to be calculated).
+.TP
+\fB--rateest-delta\fP
+Compare difference(s) to given rate(s)
+.TP
+\fB--rateest1-bps\fP \fIvalue\fP
+.TP
+\fB--rateest2-bps\fP \fIvalue\fP
+Compare bytes per second.
+.TP
+\fB--rateest1-pps\fP \fIvalue\fP
+.TP
+\fB--rateest2-pps\fP \fIvalue\fP
+Compare packets per second.
+.TP
+[\fB!\fP] \fB--rateest-lt\fP
+Match if rate is less than given rate/estimator.
+.TP
+[\fB!\fP] \fB--rateest-gt\fP
+Match if rate is greater than given rate/estimator.
+.TP
+[\fB!\fP] \fB--rateest-eq\fP
+Match if rate is equal to given rate/estimator.
+.PP
+Example: This is what can be used to route outgoing data connections from an
+FTP server over two lines based on the available bandwidth at the time the data
+connection was started:
+.PP
+# Estimate outgoing rates
+.PP
+iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0
+--rateest-interval 250ms --rateest-ewma 0.5s
+.PP
+iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0
+--rateest-interval 250ms --rateest-ewma 0.5s
+.PP
+# Mark based on available bandwidth
+.PP
+iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper ftp
+-m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit --rateest-gt
+--rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1
+.PP
+iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper ftp
+-m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit --rateest-gt
+--rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2
+.PP
+iptables -t mangle -A balance -j CONNMARK --restore-mark



More information about the netfilter-cvslog mailing list