parser_bison: allow 0 burst in limit rate byte mode

Unbreak restoring elements in set with rate limit that fail with:

> /dev/stdin:3618:61-61: Error: limit burst must be > 0
>                  elements = { 1.2.3.4 limit rate over 1000 kbytes/second timeout 1s,

no need for burst != 0 for limit rate byte mode.

Add tests/shell too.

Fixes: 702eff5b5b74 ("src: allow burst 0 for byte ratelimit and use it as default")
Fixes: 285baccfea46 ("src: disallow burst 0 in ratelimits")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 24 insertions, 0 deletions

diff --git a/tests/shell/testcases/sets/dumps/elem_limit_0.nft b/tests/shell/testcases/sets/dumps/elem_limit_0.nft
new file mode 100644
index 00000000..ca5b2b54
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/elem_limit_0.nft
@@ -0,0 +1,7 @@
+table netdev filter {
+	set test123 {
+		typeof ip saddr
+		limit rate over 1 mbytes/second
+		elements = { 1.2.3.4 limit rate over 1 mbytes/second }
+	}
+}
diff --git a/tests/shell/testcases/sets/elem_limit_0 b/tests/shell/testcases/sets/elem_limit_0
new file mode 100755
index 00000000..b57f9274
--- /dev/null
+++ b/tests/shell/testcases/sets/elem_limit_0
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+## requires EXPR
+
+set -e
+
+RULESET="table netdev filter {
+	set test123 {
+		typeof ip saddr
+		limit rate over 1024 kbytes/second
+		elements = { 1.2.3.4 limit rate over 1024 kbytes/second }
+	}
+}"
+
+$NFT -f - <<< $RULESET
+
+(echo "flush ruleset netdev"; $NFT --stateless list ruleset netdev) | $NFT -f -