const char *str, uint64_t *rate,
uint64_t *unit);
+extern struct error_record *data_unit_parse(const struct location *loc,
+ const char *str, uint64_t *rate);
+
#endif /* NFTABLES_DATATYPE_H */
uint64_t rate;
uint64_t unit;
enum nft_limit_type type;
+ uint32_t burst;
};
extern struct stmt *limit_stmt_alloc(const struct location *loc);
return NULL;
}
-static struct error_record *data_unit_parse(const struct location *loc,
- const char *str, uint64_t *rate)
+struct error_record *data_unit_parse(const struct location *loc,
+ const char *str, uint64_t *rate)
{
if (strncmp(str, "bytes", strlen("bytes")) == 0)
*rate = 1ULL;
stmt->limit.rate = nftnl_expr_get_u64(nle, NFTNL_EXPR_LIMIT_RATE);
stmt->limit.unit = nftnl_expr_get_u64(nle, NFTNL_EXPR_LIMIT_UNIT);
stmt->limit.type = nftnl_expr_get_u32(nle, NFTNL_EXPR_LIMIT_TYPE);
+ stmt->limit.burst = nftnl_expr_get_u32(nle, NFTNL_EXPR_LIMIT_BURST);
list_add_tail(&stmt->list, &ctx->rule->stmts);
}
nftnl_expr_set_u64(nle, NFTNL_EXPR_LIMIT_RATE, stmt->limit.rate);
nftnl_expr_set_u64(nle, NFTNL_EXPR_LIMIT_UNIT, stmt->limit.unit);
nftnl_expr_set_u32(nle, NFTNL_EXPR_LIMIT_TYPE, stmt->limit.type);
+ if (stmt->limit.burst > 0)
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_LIMIT_BURST,
+ stmt->limit.burst);
+
nftnl_rule_add_expr(ctx->nlr, nle);
}
%token LIMIT "limit"
%token RATE "rate"
+%token BURST "burst"
%token NANOSECOND "nanosecond"
%token MICROSECOND "microsecond"
%type <val> level_type
%type <stmt> limit_stmt
%destructor { stmt_free($$); } limit_stmt
-%type <val> time_unit
+%type <val> limit_burst time_unit
%type <stmt> reject_stmt reject_stmt_alloc
%destructor { stmt_free($$); } reject_stmt reject_stmt_alloc
%type <stmt> nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc
| LEVEL_DEBUG { $$ = LOG_DEBUG; }
;
-limit_stmt : LIMIT RATE NUM SLASH time_unit
+limit_stmt : LIMIT RATE NUM SLASH time_unit limit_burst
{
$$ = limit_stmt_alloc(&@$);
$$->limit.rate = $3;
$$->limit.unit = $5;
+ $$->limit.burst = $6;
$$->limit.type = NFT_LIMIT_PKTS;
}
- | LIMIT RATE NUM STRING
+ | LIMIT RATE NUM STRING limit_burst
{
struct error_record *erec;
uint64_t rate, unit;
$$ = limit_stmt_alloc(&@$);
$$->limit.rate = rate * $3;
$$->limit.unit = unit;
+ $$->limit.burst = $5;
$$->limit.type = NFT_LIMIT_PKT_BYTES;
}
;
+limit_burst : /* empty */ { $$ = 0; }
+ | BURST NUM PACKETS { $$ = $2; }
+ | BURST NUM BYTES { $$ = $2; }
+ | BURST NUM STRING
+ {
+ struct error_record *erec;
+ uint64_t rate;
+
+ erec = data_unit_parse(&@$, $3, &rate);
+ if (erec != NULL) {
+ erec_queue(erec, state->msgs);
+ YYERROR;
+ }
+ $$ = $2 * rate;
+ }
+ ;
+
time_unit : SECOND { $$ = 1ULL; }
| MINUTE { $$ = 1ULL * 60; }
| HOUR { $$ = 1ULL * 60 * 60; }
"limit" { return LIMIT; }
"rate" { return RATE; }
+"burst" { return BURST; }
"nanosecond" { return NANOSECOND; }
"microsecond" { return MICROSECOND; }
case NFT_LIMIT_PKTS:
printf("limit rate %" PRIu64 "/%s",
stmt->limit.rate, get_unit(stmt->limit.unit));
+ if (stmt->limit.burst > 0)
+ printf(" burst %u packets", stmt->limit.burst);
break;
case NFT_LIMIT_PKT_BYTES:
data_unit = get_rate(stmt->limit.rate, &rate);
printf("limit rate %" PRIu64 " %s/%s",
rate, data_unit, get_unit(stmt->limit.unit));
+ if (stmt->limit.burst > 0) {
+ uint64_t burst;
+
+ data_unit = get_rate(stmt->limit.burst, &burst);
+ printf(" burst %"PRIu64" %s", burst, data_unit);
+ }
break;
}
}
projects / thirdparty / nftables.git / commitdiff
