author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-03 15:50:03 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-09-23 12:16:13 +0200 |
commit | 6615676d825e02d271fe7a9ca78a77ac3773ab93 (patch) | |
tree | 4b87a754e50301cb2f8c6c47e44670cc6a27356f /src/parser_bison.y | |
parent | 5174b6850291b67769ebd018e5c90837897969c2 (diff) |
src: add per-bytes limit
This example shows how to accept packets below the ratelimit:
... limit rate 1024 mbytes/second counter accept
You need a Linux kernel >= 4.3-rc1.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index cfb6b707..ec44a2cd 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -1446,6 +1446,23 @@ limit_stmt : LIMIT RATE NUM SLASH time_unit $$ = limit_stmt_alloc(&@$); $$->limit.rate = $3; $$->limit.unit = $5; + $$->limit.type = NFT_LIMIT_PKTS; + } + | LIMIT RATE NUM STRING + { + struct error_record *erec; + uint64_t rate, unit; + + erec = rate_parse(&@$, $4, &rate, &unit); + if (erec != NULL) { + erec_queue(erec, state->msgs); + YYERROR; + } + + $$ = limit_stmt_alloc(&@$); + $$->limit.rate = rate * $3; + $$->limit.unit = unit; + $$->limit.type = NFT_LIMIT_PKT_BYTES; } ; |
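Review bot: In the new `LIMIT RATE NUM STRING` action, `$$->limit.rate = rate * $3;` multiplies the uint64_t `rate` by `$3` with no overflow check, so a large NUM combined with a large unit multiplier can wrap and silently load a much lower byte limit than the one the user typed. Suggest rejecting the statement when `$3` exceeds UINT64_MAX / rate (guarding against a zero `rate`), queueing an error record the same way the rate_parse() failure path does. The local `rate` holds the value rate_parse() returned for the unit string, not the final rate, so a name that says "multiplier" would read more clearly next to `limit.rate`. A short comment on what the STRING token is expected to look like (the commit message shows `mbytes/second`) would also help, since the grammar rule itself no longer shows the `SLASH time_unit` structure of the packet-based form.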