libxt_connbytes.man revision a73a34ad9c9bb30dafbd7b5ca15b902e83c50ee2
12a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)Match by how many bytes or packets a connection (or one of the two 22a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)flows constituting the connection) has transferred so far, or by 32a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)average bytes per packet. 42a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles).PP 52a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)The counters are 64-bit and are thus not expected to overflow ;) 62a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles).PP 72a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)The primary use is to detect long-lived downloads and mark them to be 82a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)scheduled using a lower priority band in traffic control. 92a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles).PP 102a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)The transferred bytes per connection can also be viewed through 112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)`conntrack -L` and accessed via ctnetlink. 12ca12bfac764ba476d6cd062bf1dde12cc64c3f40Ben Murdoch.TP 132a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)[\fB!\fP] \fB\-\-connbytes\fP \fIfrom\fP[\fB:\fP\fIto\fP] 142a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)match packets from a connection whose packets/bytes/average packet 152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)size is more than FROM and less than TO bytes/packets. if TO is 162a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)omitted only FROM check is done. "!" is used to match packets not 172a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)falling in the range. 182a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles).TP 192a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)\fB\-\-connbytes\-dir\fP {\fBoriginal\fP|\fBreply\fP|\fBboth\fP} 202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)which packets to consider 212a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles).TP 222a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)\fB\-\-connbytes\-mode\fP {\fBpackets\fP|\fBbytes\fP|\fBavgpkt\fP} 232a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)whether to check the amount of packets, number of bytes transferred or 242a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)the average size (in bytes) of all packets received so far. Note that 252a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)when "both" is used together with "avgpkt", and data is going (mainly) 262a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)only in one direction (for example HTTP), the average packet size will 272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)be about half of the actual data packets. 282a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles).TP 292a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)Example: 302a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)iptables .. \-m connbytes \-\-connbytes 10000:100000 \-\-connbytes\-dir both \-\-connbytes\-mode bytes ... 312a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)