limit: display default burst when listing ruleset

Default burst for limit is 5 for historical reasons but it is not
displayed when listing the ruleset.

Update listing to display the default burst to disambiguate.

man nft(8) has been recently updated to document this, no action in this
front is therefore required.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/statement.c b/src/statement.c
index 721739498e2eea16aaaee13241bb4bb946d6cb5f..66424eb420ab613071c1c30a28b48e2feecd93e6 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -486,9 +486,7 @@ static void limit_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
                nft_print(octx, "limit rate %s%" PRIu64 "/%s",
                          inv ? "over " : "", stmt->limit.rate,
                          get_unit(stmt->limit.unit));
-               if (stmt->limit.burst && stmt->limit.burst != 5)
-                       nft_print(octx, " burst %u packets",
-                                 stmt->limit.burst);
+               nft_print(octx, " burst %u packets", stmt->limit.burst);
                break;
        case NFT_LIMIT_PKT_BYTES:
                data_unit = get_rate(stmt->limit.rate, &rate);

diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t
index 86e8d43009b9c42a238fad15d6026b924e3c8f3f..a04ef42af9317d504087a2a6d9c0c21b819bc474 100644 (file)
--- a/tests/py/any/limit.t
+++ b/tests/py/any/limit.t
@@ -9,11 +9,11 @@
 *bridge;test-bridge;output
 *netdev;test-netdev;ingress,egress
 
-limit rate 400/minute;ok
-limit rate 20/second;ok
-limit rate 400/hour;ok
-limit rate 40/day;ok
-limit rate 400/week;ok
+limit rate 400/minute;ok;limit rate 400/minute burst 5 packets
+limit rate 20/second;ok;limit rate 20/second burst 5 packets
+limit rate 400/hour;ok;limit rate 400/hour burst 5 packets
+limit rate 40/day;ok;limit rate 40/day burst 5 packets
+limit rate 400/week;ok;limit rate 400/week burst 5 packets
 limit rate 1023/second burst 10 packets;ok
 limit rate 1023/second burst 10 bytes;fail
 
@@ -35,11 +35,11 @@ limit rate 1025 kbytes/second burst 1023 kbytes;ok
 limit rate 1025 mbytes/second burst 1025 kbytes;ok
 limit rate 1025000 mbytes/second burst 1023 mbytes;ok
 
-limit rate over 400/minute;ok
-limit rate over 20/second;ok
-limit rate over 400/hour;ok
-limit rate over 40/day;ok
-limit rate over 400/week;ok
+limit rate over 400/minute;ok;limit rate over 400/minute burst 5 packets
+limit rate over 20/second;ok;limit rate over 20/second burst 5 packets
+limit rate over 400/hour;ok;limit rate over 400/hour burst 5 packets
+limit rate over 40/day;ok;limit rate over 40/day burst 5 packets
+limit rate over 400/week;ok;limit rate over 400/week burst 5 packets
 limit rate over 1023/second burst 10 packets;ok
 
 limit rate over 1 kbytes/second;ok

diff --git a/tests/shell/testcases/json/dumps/0001set_statements_0.nft b/tests/shell/testcases/json/dumps/0001set_statements_0.nft
index ee4a86705a94a03f5ff876694de6bc27ea790be5..d80a4321194311fd04d5684240990b8f1a8bc8c7 100644 (file)
--- a/tests/shell/testcases/json/dumps/0001set_statements_0.nft
+++ b/tests/shell/testcases/json/dumps/0001set_statements_0.nft
@@ -7,6 +7,6 @@ table ip testt {
 
        chain testc {
                type filter hook input priority filter; policy accept;
-               tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate 10/second } accept
+               tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate 10/second burst 5 packets } accept
        }
 }

diff --git a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft
index 2bb35592588a7a3cf15d47ab82553102d6589adf..33b9e4ff7f2065401405c629fcddef8376ae00a8 100644 (file)
--- a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft
+++ b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft
@@ -13,6 +13,6 @@ table ip foo {
        set inflows_ratelimit {
                type ipv4_addr . inet_service . ifname . ipv4_addr . inet_service
                flags dynamic
-               elements = { 10.1.0.3 . 39466 . "veth1" . 10.3.0.99 . 5201 limit rate 1/second counter packets 0 bytes 0 }
+               elements = { 10.1.0.3 . 39466 . "veth1" . 10.3.0.99 . 5201 limit rate 1/second burst 5 packets counter packets 0 bytes 0 }
        }
 }

diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
index 5a6e3261b4ba7b2c062de1f48f1d285355043fca..0a4cb0a54d73030ba46eb4d687c2cd78667e0485 100644 (file)
--- a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
+++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft
@@ -8,6 +8,6 @@ table ip t {
        }
 
        chain c {
-               tcp dport 80 meter f size 1024 { ip saddr limit rate 10/second }
+               tcp dport 80 meter f size 1024 { ip saddr limit rate 10/second burst 5 packets }
        }
 }

diff --git a/tests/shell/testcases/sets/dumps/0038meter_list_0.nft b/tests/shell/testcases/sets/dumps/0038meter_list_0.nft
index c537aa1c702a81a613acb512c9a4dfd17d54902b..f274086b5285431462f7651c00010cb90b23ab96 100644 (file)
--- a/tests/shell/testcases/sets/dumps/0038meter_list_0.nft
+++ b/tests/shell/testcases/sets/dumps/0038meter_list_0.nft
@@ -6,6 +6,6 @@ table ip t {
        }
 
        chain c {
-               tcp dport 80 meter m size 128 { ip saddr limit rate 10/second }
+               tcp dport 80 meter m size 128 { ip saddr limit rate 10/second burst 5 packets }
        }
 }

diff --git a/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft b/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft
index 1b0ffae4d6513848166296dcfa7b8ae82c96117c..c1cc3b51d2bcbd1274ad7888587ff31494c98b41 100644 (file)
--- a/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft
+++ b/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft
@@ -8,6 +8,6 @@ table ip x {
 
        chain z {
                type filter hook output priority filter; policy accept;
-               update @y { ip daddr limit rate 1/second counter }
+               update @y { ip daddr limit rate 1/second burst 5 packets counter }
        }
 }

diff --git a/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft b/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft
index f23db53436fe1fb486691fde3d11634cc6756b18..df68fcdf89e6b621c73509ce10ca5213d562ec2a 100644 (file)
--- a/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft
+++ b/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft
@@ -1,9 +1,9 @@
 table ip x {
        set y {
                type ipv4_addr
-               limit rate 1/second counter
-               elements = { 1.1.1.1 limit rate 1/second counter packets 0 bytes 0, 4.4.4.4 limit rate 1/second counter packets 0 bytes 0,
-                            5.5.5.5 limit rate 1/second counter packets 0 bytes 0 }
+               limit rate 1/second burst 5 packets counter
+               elements = { 1.1.1.1 limit rate 1/second burst 5 packets counter packets 0 bytes 0, 4.4.4.4 limit rate 1/second burst 5 packets counter packets 0 bytes 0,
+                            5.5.5.5 limit rate 1/second burst 5 packets counter packets 0 bytes 0 }
        }
 
        chain y {