git.ipfire.org Git - thirdparty/nftables.git/commit

author	Jeremy Sowden <jeremy@azazel.net>
	Fri, 29 Oct 2021 20:40:09 +0000 (21:40 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 3 Nov 2021 11:48:19 +0000 (12:48 +0100)
commit	dd0e717827d8dff3b762a8ebbf15bf57aa4012cb
tree	8f0fc61059b4563635f1af7bcab2412395ebf167	tree
parent	ab0c2b2db6f8fb6153d9f8218895482543d5c072	commit \| diff

parser: extend limit syntax

The documentation describes the syntax of limit statements thus:

  limit rate [over] packet_number / TIME_UNIT [burst packet_number packets]
  limit rate [over] byte_number BYTE_UNIT / TIME_UNIT [burst byte_number BYTE_UNIT]

  TIME_UNIT := second | minute | hour | day
  BYTE_UNIT := bytes | kbytes | mbytes

From this one might infer that a limit may be specified by any of the
following:

  limit rate 1048576/second
  limit rate 1048576 mbytes/second

  limit rate 1048576 / second
  limit rate 1048576 mbytes / second

However, the last does not currently parse:

  $ sudo /usr/sbin/nft add filter input limit rate 1048576 mbytes / second
  Error: wrong rate format
  add filter input limit rate 1048576 mbytes / second
                   ^^^^^^^^^^^^^^^^^^^^^^^^^

Extend the `limit_rate_bytes` parser rule to support it, and add some
new Python test-cases.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/parser_bison.y		diff \| blob \| blame \| history
tests/py/any/limit.t		diff \| blob \| blame \| history
tests/py/any/limit.t.json		diff \| blob \| blame \| history
tests/py/any/limit.t.payload		diff \| blob \| blame \| history