diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-17 12:36:38 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-12-18 12:38:38 +0100 |
commit | 285baccfea46aa61e4ed4777da23105ccf19218b (patch) | |
tree | af722b8abe89bfa02e9c7561623183c741ffdb70 /src/statement.c | |
parent | e6d1d0d6119585a5cd63fcc02c0eb98e30b095cb (diff) |
src: disallow burst 0 in ratelimits
The ratelimiter in nftables is similar to the one in iptables, and
iptables disallows a zero burst.
Update the byte rate limiter not to print burst 5 (default value).
Update tests/py payloads to print burst 5 instead of zero when the
burst is unspecified.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/statement.c b/src/statement.c index 39020857..f7f1c0c4 100644 --- a/src/statement.c +++ b/src/statement.c @@ -464,7 +464,7 @@ static void limit_stmt_print(const struct stmt *stmt, struct output_ctx *octx) nft_print(octx, "limit rate %s%" PRIu64 " %s/%s", inv ? "over " : "", rate, data_unit, get_unit(stmt->limit.unit)); - if (stmt->limit.burst > 0) { + if (stmt->limit.burst != 5) { uint64_t burst; data_unit = get_rate(stmt->limit.burst, &burst); |