From 285baccfea46aa61e4ed4777da23105ccf19218b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 17 Dec 2020 12:36:38 +0100
Subject: src: disallow burst 0 in ratelimits

The ratelimiter in nftables is similar to the one in iptables, and
iptables disallows a zero burst.

Update the byte rate limiter not to print burst 5 (default value).

Update tests/py payloads to print burst 5 instead of zero when the
burst is unspecified.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/any/limit.t.payload | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

(limited to 'tests/py/any/limit.t.payload')

diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload
index b0cc84b4..dc6cea9b 100644
--- a/tests/py/any/limit.t.payload
+++ b/tests/py/any/limit.t.payload
@@ -1,22 +1,22 @@
 # limit rate 400/minute
 ip test-ip4 output
-  [ limit rate 400/minute burst 0 type packets flags 0x0 ]
+  [ limit rate 400/minute burst 5 type packets flags 0x0 ]
 
 # limit rate 20/second
 ip test-ip4 output
-  [ limit rate 20/second burst 0 type packets flags 0x0 ]
+  [ limit rate 20/second burst 5 type packets flags 0x0 ]
 
 # limit rate 400/hour
 ip test-ip4 output
-  [ limit rate 400/hour burst 0 type packets flags 0x0 ]
+  [ limit rate 400/hour burst 5 type packets flags 0x0 ]
 
 # limit rate 400/week
 ip test-ip4 output
-  [ limit rate 400/week burst 0 type packets flags 0x0 ]
+  [ limit rate 400/week burst 5 type packets flags 0x0 ]
 
 # limit rate 40/day
 ip test-ip4 output
-  [ limit rate 40/day burst 0 type packets flags 0x0 ]
+  [ limit rate 40/day burst 5 type packets flags 0x0 ]
 
 # limit rate 1023/second burst 10 packets
 ip test-ip4 output
@@ -24,27 +24,27 @@ ip test-ip4 output
 
 # limit rate 1 kbytes/second
 ip test-ip4 output
-  [ limit rate 1024/second burst 0 type bytes flags 0x0 ]
+  [ limit rate 1024/second burst 5 type bytes flags 0x0 ]
 
 # limit rate 2 kbytes/second
 ip test-ip4 output
-  [ limit rate 2048/second burst 0 type bytes flags 0x0 ]
+  [ limit rate 2048/second burst 5 type bytes flags 0x0 ]
 
 # limit rate 1025 kbytes/second
 ip test-ip4 output
-  [ limit rate 1049600/second burst 0 type bytes flags 0x0 ]
+  [ limit rate 1049600/second burst 5 type bytes flags 0x0 ]
 
 # limit rate 1023 mbytes/second
 ip test-ip4 output
-  [ limit rate 1072693248/second burst 0 type bytes flags 0x0 ]
+  [ limit rate 1072693248/second burst 5 type bytes flags 0x0 ]
 
 # limit rate 10230 mbytes/second
 ip test-ip4 output
-  [ limit rate 10726932480/second burst 0 type bytes flags 0x0 ]
+  [ limit rate 10726932480/second burst 5 type bytes flags 0x0 ]
 
 # limit rate 1023000 mbytes/second
 ip test-ip4 output
-  [ limit rate 1072693248000/second burst 0 type bytes flags 0x0 ]
+  [ limit rate 1072693248000/second burst 5 type bytes flags 0x0 ]
 
 # limit rate 1025 bytes/second burst 512 bytes
 ip test-ip4 output
@@ -64,23 +64,23 @@ ip test-ip4 output
 
 # limit rate over 400/minute
 ip test-ip4 output
-  [ limit rate 400/minute burst 0 type packets flags 0x1 ]
+  [ limit rate 400/minute burst 5 type packets flags 0x1 ]
 
 # limit rate over 20/second
 ip test-ip4 output
-  [ limit rate 20/second burst 0 type packets flags 0x1 ]
+  [ limit rate 20/second burst 5 type packets flags 0x1 ]
 
 # limit rate over 400/hour
 ip test-ip4 output
-  [ limit rate 400/hour burst 0 type packets flags 0x1 ]
+  [ limit rate 400/hour burst 5 type packets flags 0x1 ]
 
 # limit rate over 400/week
 ip test-ip4 output
-  [ limit rate 400/week burst 0 type packets flags 0x1 ]
+  [ limit rate 400/week burst 5 type packets flags 0x1 ]
 
 # limit rate over 40/day
 ip test-ip4 output
-  [ limit rate 40/day burst 0 type packets flags 0x1 ]
+  [ limit rate 40/day burst 5 type packets flags 0x1 ]
 
 # limit rate over 1023/second burst 10 packets
 ip test-ip4 output
@@ -88,27 +88,27 @@ ip test-ip4 output
 
 # limit rate over 1 kbytes/second
 ip test-ip4 output
-  [ limit rate 1024/second burst 0 type bytes flags 0x1 ]
+  [ limit rate 1024/second burst 5 type bytes flags 0x1 ]
 
 # limit rate over 2 kbytes/second
 ip test-ip4 output
-  [ limit rate 2048/second burst 0 type bytes flags 0x1 ]
+  [ limit rate 2048/second burst 5 type bytes flags 0x1 ]
 
 # limit rate over 1025 kbytes/second
 ip test-ip4 output
-  [ limit rate 1049600/second burst 0 type bytes flags 0x1 ]
+  [ limit rate 1049600/second burst 5 type bytes flags 0x1 ]
 
 # limit rate over 1023 mbytes/second
 ip test-ip4 output
-  [ limit rate 1072693248/second burst 0 type bytes flags 0x1 ]
+  [ limit rate 1072693248/second burst 5 type bytes flags 0x1 ]
 
 # limit rate over 10230 mbytes/second
 ip test-ip4 output
-  [ limit rate 10726932480/second burst 0 type bytes flags 0x1 ]
+  [ limit rate 10726932480/second burst 5 type bytes flags 0x1 ]
 
 # limit rate over 1023000 mbytes/second
 ip test-ip4 output
-  [ limit rate 1072693248000/second burst 0 type bytes flags 0x1 ]
+  [ limit rate 1072693248000/second burst 5 type bytes flags 0x1 ]
 
 # limit rate over 1025 bytes/second burst 512 bytes
 ip test-ip4 output
-- 
cgit v1.2.3