diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-09-19 15:25:43 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-03 12:23:37 +0100 |
| commit | 2837ca31aff94022d453a2126710edf51d53bad5 (patch) | |
| tree | d27695288b84728e67fa0df3cd712e69b7a88c5c | |
| parent | c6b749958d54ff74af39e0271b5f615dc14f743c (diff) | |
limit: display default burst when listing ruleset
commit 7360ab610164c7457b1024419ee046a4d05a6e2f upstream.
Default burst for limit is 5 for historical reasons but it is not
displayed when listing the ruleset.
Update listing to display the default burst to disambiguate.
man nft(8) has been recently updated to document this, no action in this
front is therefore required.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/statement.c | 4 | ||||
| -rw-r--r-- | tests/py/any/limit.t | 20 | ||||
| -rw-r--r-- | tests/shell/testcases/json/dumps/0001set_statements_0.nft | 2 | ||||
| -rw-r--r-- | tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft | 2 | ||||
| -rw-r--r-- | tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft | 2 | ||||
| -rw-r--r-- | tests/shell/testcases/sets/dumps/0038meter_list_0.nft | 11 | ||||
| -rw-r--r-- | tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft | 2 | ||||
| -rw-r--r-- | tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft | 6 |
8 files changed, 29 insertions, 20 deletions
diff --git a/src/statement.c b/src/statement.c index eafc51c4..c15c027f 100644 --- a/src/statement.c +++ b/src/statement.c @@ -455,9 +455,7 @@ static void limit_stmt_print(const struct stmt *stmt, struct output_ctx *octx) nft_print(octx, "limit rate %s%" PRIu64 "/%s", inv ? "over " : "", stmt->limit.rate, get_unit(stmt->limit.unit)); - if (stmt->limit.burst && stmt->limit.burst != 5) - nft_print(octx, " burst %u packets", - stmt->limit.burst); + nft_print(octx, " burst %u packets", stmt->limit.burst); break; case NFT_LIMIT_PKT_BYTES: data_unit = get_rate(stmt->limit.rate, &rate); diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t index 86e8d430..a04ef42a 100644 --- a/tests/py/any/limit.t +++ b/tests/py/any/limit.t @@ -9,11 +9,11 @@ *bridge;test-bridge;output *netdev;test-netdev;ingress,egress -limit rate 400/minute;ok -limit rate 20/second;ok -limit rate 400/hour;ok -limit rate 40/day;ok -limit rate 400/week;ok +limit rate 400/minute;ok;limit rate 400/minute burst 5 packets +limit rate 20/second;ok;limit rate 20/second burst 5 packets +limit rate 400/hour;ok;limit rate 400/hour burst 5 packets +limit rate 40/day;ok;limit rate 40/day burst 5 packets +limit rate 400/week;ok;limit rate 400/week burst 5 packets limit rate 1023/second burst 10 packets;ok limit rate 1023/second burst 10 bytes;fail @@ -35,11 +35,11 @@ limit rate 1025 kbytes/second burst 1023 kbytes;ok limit rate 1025 mbytes/second burst 1025 kbytes;ok limit rate 1025000 mbytes/second burst 1023 mbytes;ok -limit rate over 400/minute;ok -limit rate over 20/second;ok -limit rate over 400/hour;ok -limit rate over 40/day;ok -limit rate over 400/week;ok +limit rate over 400/minute;ok;limit rate over 400/minute burst 5 packets +limit rate over 20/second;ok;limit rate over 20/second burst 5 packets +limit rate over 400/hour;ok;limit rate over 400/hour burst 5 packets +limit rate over 40/day;ok;limit rate over 40/day burst 5 packets +limit rate over 400/week;ok;limit rate over 400/week burst 5 packets limit rate over 1023/second burst 10 packets;ok limit rate over 1 kbytes/second;ok diff --git a/tests/shell/testcases/json/dumps/0001set_statements_0.nft b/tests/shell/testcases/json/dumps/0001set_statements_0.nft index ee4a8670..d80a4321 100644 --- a/tests/shell/testcases/json/dumps/0001set_statements_0.nft +++ b/tests/shell/testcases/json/dumps/0001set_statements_0.nft @@ -7,6 +7,6 @@ table ip testt { chain testc { type filter hook input priority filter; policy accept; - tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate 10/second } accept + tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate 10/second burst 5 packets } accept } } diff --git a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft index 2bb35592..33b9e4ff 100644 --- a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft +++ b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft @@ -13,6 +13,6 @@ table ip foo { set inflows_ratelimit { type ipv4_addr . inet_service . ifname . ipv4_addr . inet_service flags dynamic - elements = { 10.1.0.3 . 39466 . "veth1" . 10.3.0.99 . 5201 limit rate 1/second counter packets 0 bytes 0 } + elements = { 10.1.0.3 . 39466 . "veth1" . 10.3.0.99 . 5201 limit rate 1/second burst 5 packets counter packets 0 bytes 0 } } } diff --git a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft index 5a6e3261..0a4cb0a5 100644 --- a/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft +++ b/tests/shell/testcases/sets/dumps/0022type_selective_flush_0.nft @@ -8,6 +8,6 @@ table ip t { } chain c { - tcp dport 80 meter f size 1024 { ip saddr limit rate 10/second } + tcp dport 80 meter f size 1024 { ip saddr limit rate 10/second burst 5 packets } } } diff --git a/tests/shell/testcases/sets/dumps/0038meter_list_0.nft b/tests/shell/testcases/sets/dumps/0038meter_list_0.nft new file mode 100644 index 00000000..f274086b --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0038meter_list_0.nft @@ -0,0 +1,11 @@ +table ip t { + set s { + type ipv4_addr + size 256 + flags dynamic,timeout + } + + chain c { + tcp dport 80 meter m size 128 { ip saddr limit rate 10/second burst 5 packets } + } +} diff --git a/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft b/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft index 1b0ffae4..c1cc3b51 100644 --- a/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft +++ b/tests/shell/testcases/sets/dumps/0059set_update_multistmt_0.nft @@ -8,6 +8,6 @@ table ip x { chain z { type filter hook output priority filter; policy accept; - update @y { ip daddr limit rate 1/second counter } + update @y { ip daddr limit rate 1/second burst 5 packets counter } } } diff --git a/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft b/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft index f23db534..df68fcdf 100644 --- a/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft +++ b/tests/shell/testcases/sets/dumps/0060set_multistmt_0.nft @@ -1,9 +1,9 @@ table ip x { set y { type ipv4_addr - limit rate 1/second counter - elements = { 1.1.1.1 limit rate 1/second counter packets 0 bytes 0, 4.4.4.4 limit rate 1/second counter packets 0 bytes 0, - 5.5.5.5 limit rate 1/second counter packets 0 bytes 0 } + limit rate 1/second burst 5 packets counter + elements = { 1.1.1.1 limit rate 1/second burst 5 packets counter packets 0 bytes 0, 4.4.4.4 limit rate 1/second burst 5 packets counter packets 0 bytes 0, + 5.5.5.5 limit rate 1/second burst 5 packets counter packets 0 bytes 0 } } chain y { |