src: disallow burst 0 in ratelimits

The ratelimiter in nftables is similar to the one in iptables, and iptables disallows a zero burst. Update the byte rate limiter not to print burst 5 (default value). Update tests/py payloads to print burst 5 instead of zero when the burst is unspecified. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-12-17 12:36:38 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-12-18 12:38:38 +0100
commit: 285baccfea46aa61e4ed4777da23105ccf19218b (patch)
tree: af722b8abe89bfa02e9c7561623183c741ffdb70 /src/statement.c
parent: e6d1d0d6119585a5cd63fcc02c0eb98e30b095cb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/statement.c b/src/statement.c
index 39020857..f7f1c0c4 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -464,7 +464,7 @@ static void limit_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 		nft_print(octx,	"limit rate %s%" PRIu64 " %s/%s",
 			  inv ? "over " : "", rate, data_unit,
 			  get_unit(stmt->limit.unit));
-		if (stmt->limit.burst > 0) {
+		if (stmt->limit.burst != 5) {
 			uint64_t burst;
 
 			data_unit = get_rate(stmt->limit.burst, &burst);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-12-17 12:36:38 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-12-18 12:38:38 +0100
commit	285baccfea46aa61e4ed4777da23105ccf19218b (patch)
tree	af722b8abe89bfa02e9c7561623183c741ffdb70 /src/statement.c
parent	e6d1d0d6119585a5cd63fcc02c0eb98e30b095cb (diff)