From 285baccfea46aa61e4ed4777da23105ccf19218b Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 17 Dec 2020 12:36:38 +0100 Subject: src: disallow burst 0 in ratelimits The ratelimiter in nftables is similar to the one in iptables, and iptables disallows a zero burst. Update the byte rate limiter not to print burst 5 (default value). Update tests/py payloads to print burst 5 instead of zero when the burst is unspecified. Signed-off-by: Pablo Neira Ayuso --- doc/statements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/statements.txt b/doc/statements.txt index beebba16..aac7c7d6 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -324,7 +324,8 @@ ____ A limit statement matches at a limited rate using a token bucket filter. A rule using this statement will match until this limit is reached. It can be used in combination with the log statement to give limited logging. The optional -*over* keyword makes it match over the specified rate. +*over* keyword makes it match over the specified rate. Default *burst* is 5. +if you specify *burst*, it must be non-zero value. .limit statement values [options="header"] -- cgit v1.2.3
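Review bot: The second added line in the doc/statements.txt hunk, "if you specify *burst*, it must be non-zero value.", starts in lower case and is missing an article; suggest "If you specify *burst*, it must be a non-zero value." The sentence before it, "Default *burst* is 5.", gives no unit, while the commit message handles the byte rate limiter separately from the default of 5. The documentation should therefore state what the 5 counts and which default applies to byte-based limits, so a reader writing a rate-limit rule knows what an unspecified burst allows through. It would also help to say what happens when burst 0 is given (for example, that the rule is rejected), since the text only says the value "must be" non-zero.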