Burst can be either bytes or packets, depending on the rate limit unit.
# nft add rule x y iif eth0 limit rate 512 kbytes/second burst 5 packets
Error: syntax error, unexpected packets, expecting string or bytes
add rule x y iif eth0 limit rate 512 kbytes/second burst 5 packets
^^^^^^^
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1306
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
src/parser_bison.y | 15 +++++++++------
tests/py/any/limit.t | 2 ++
2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index e73e1ecd0805..34202b0415ec 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -590,7 +590,7 @@ int nft_lex(void *, void *, void *);
%type <val> level_type log_flags log_flags_tcp log_flag_tcp
%type <stmt> limit_stmt quota_stmt connlimit_stmt
%destructor { stmt_free($$); } limit_stmt quota_stmt connlimit_stmt
-%type <val> limit_burst limit_mode time_unit quota_mode
+%type <val> limit_burst_pkts limit_burst_bytes limit_mode
time_unit quota_mode
%type <stmt> reject_stmt reject_stmt_alloc
%destructor { stmt_free($$); } reject_stmt reject_stmt_alloc
%type <stmt> nat_stmt nat_stmt_alloc masq_stmt
masq_stmt_alloc redir_stmt redir_stmt_alloc
@@ -2475,7 +2475,7 @@ log_flag_tcp : SEQUENCE
}
;
-limit_stmt : LIMIT RATE limit_mode NUM SLASH
time_unit limit_burst
+limit_stmt : LIMIT RATE limit_mode NUM SLASH
time_unit limit_burst_pkts
{
$$ = limit_stmt_alloc(&@$);
$$->limit.rate = $4;
@@ -2484,7 +2484,7 @@ limit_stmt : LIMIT RATE
limit_mode NUM SLASH time_unit limit_burst
$$->limit.type = NFT_LIMIT_PKTS;
$$->limit.flags = $3;
}
- | LIMIT RATE limit_mode NUM STRING
limit_burst
+ | LIMIT RATE limit_mode NUM STRING
limit_burst_bytes
{
struct error_record *erec;
uint64_t rate, unit;
@@ -2565,8 +2565,11 @@ limit_mode : OVER
{ $$ = NFT_LIMIT_F_INV; }
| /* empty */ { $$ = 0; }
;
-limit_burst : /* empty */ { $$ = 0; }
+limit_burst_pkts : /* empty */ { $$ = 0; }
| BURST NUM PACKETS { $$ = $2; }
+ ;
+
+limit_burst_bytes : /* empty */ { $$ = 0; }
| BURST NUM BYTES { $$ = $2; }
| BURST NUM STRING
{
@@ -3532,7 +3535,7 @@ ct_obj_alloc :
}
;
-limit_config : RATE limit_mode NUM SLASH
time_unit limit_burst
+limit_config : RATE limit_mode NUM SLASH
time_unit limit_burst_pkts
{
struct limit *limit;
limit = xzalloc(sizeof(*limit));
@@ -3543,7 +3546,7 @@ limit_config : RATE limit_mode
NUM SLASH time_unit limit_burst
limit->flags = $2;
$$ = limit;
}
- | RATE limit_mode NUM STRING
limit_burst
+ | RATE limit_mode NUM STRING
limit_burst_bytes
{
struct limit *limit;
struct error_record *erec;
diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t
index 8180bea3ddae..ef7f93133297 100644
--- a/tests/py/any/limit.t
+++ b/tests/py/any/limit.t
@@ -14,6 +14,7 @@ limit rate 400/hour;ok
limit rate 40/day;ok
limit rate 400/week;ok
limit rate 1023/second burst 10 packets;ok
+limit rate 1023/second burst 10 bytes;fail
limit rate 1 kbytes/second;ok
limit rate 2 kbytes/second;ok
@@ -21,6 +22,7 @@ limit rate 1025 kbytes/second;ok
limit rate 1023 mbytes/second;ok
limit rate 10230 mbytes/second;ok
limit rate 1023000 mbytes/second;ok
+limit rate 512 kbytes/second burst 5 packets;fail
limit rate 1025 bytes/second burst 512 bytes;ok
limit rate 1025 kbytes/second burst 1023 kbytes;ok
--
2.11.0
