parser_bison: allow to restore limit from dynamic set

Update parser to allow to restore limit per set element in dynamic set.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1477
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 32 insertions, 0 deletions

diff --git a/src/parser_bison.y b/src/parser_bison.y
index a8884466..fb329919 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4097,6 +4097,38 @@ set_elem_expr_option	:	TIMEOUT			time_spec
 				stmt->counter.bytes = $5;
 				$<expr>0->stmt = stmt;
 			}
+			|	LIMIT   RATE    limit_mode      NUM     SLASH   time_unit       limit_burst_pkts
+			{
+				struct stmt *stmt;
+
+				stmt = limit_stmt_alloc(&@$);
+				stmt->limit.rate  = $4;
+				stmt->limit.unit  = $6;
+				stmt->limit.burst = $7;
+				stmt->limit.type  = NFT_LIMIT_PKTS;
+				stmt->limit.flags = $3;
+				$<expr>0->stmt = stmt;
+			}
+			|       LIMIT   RATE    limit_mode      NUM     STRING  limit_burst_bytes
+			{
+				struct error_record *erec;
+				uint64_t rate, unit;
+				struct stmt *stmt;
+
+				erec = rate_parse(&@$, $5, &rate, &unit);
+				xfree($5);
+				if (erec != NULL) {
+					erec_queue(erec, state->msgs);
+					YYERROR;
+				}
+
+				stmt = limit_stmt_alloc(&@$);
+				stmt->limit.rate  = rate * $4;
+				stmt->limit.unit  = unit;
+				stmt->limit.burst = $6;
+				stmt->limit.type  = NFT_LIMIT_PKT_BYTES;
+				stmt->limit.flags = $3;
+                        }
 			|	comment_spec
 			{
 				if (already_set($<expr>0->comment, &@1, state)) {