From 3f5ef7d63f9ef70855dedd9b5aa7eba2f63a1ec7 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 9 Dec 2015 22:55:30 +0100 Subject: src: support limit rate over value So far it was only possible to match packet under a rate limit, this patch allows you to explicitly indicate if you want to match packets that goes over or until the rate limit, eg. ... limit rate over 3/second counter log prefix "OVERLIMIT: " drop ... limit rate over 3 mbytes/second counter log prefix "OVERLIMIT: " drop ... ct state invalid limit rate until 1/second counter log prefix "INVALID: " When listing rate limit until, this shows: ... ct state invalid limit rate 1/second counter log prefix "INVALID: " thus, the existing syntax is still valid (i.e. default to rate limit until). Signed-off-by: Pablo Neira Ayuso --- tests/py/any/limit.t | 19 +++++++++ tests/py/any/limit.t.payload | 96 ++++++++++++++++++++++++++++++++++++-------- 2 files changed, 99 insertions(+), 16 deletions(-) (limited to 'tests/py/any') diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t index 358b5abb..8180bea3 100644 --- a/tests/py/any/limit.t +++ b/tests/py/any/limit.t @@ -26,3 +26,22 @@ limit rate 1025 bytes/second burst 512 bytes;ok limit rate 1025 kbytes/second burst 1023 kbytes;ok limit rate 1025 mbytes/second burst 1025 kbytes;ok limit rate 1025000 mbytes/second burst 1023 mbytes;ok + +limit rate over 400/minute;ok +limit rate over 20/second;ok +limit rate over 400/hour;ok +limit rate over 40/day;ok +limit rate over 400/week;ok +limit rate over 1023/second burst 10 packets;ok + +limit rate over 1 kbytes/second;ok +limit rate over 2 kbytes/second;ok +limit rate over 1025 kbytes/second;ok +limit rate over 1023 mbytes/second;ok +limit rate over 10230 mbytes/second;ok +limit rate over 1023000 mbytes/second;ok + +limit rate over 1025 bytes/second burst 512 bytes;ok +limit rate over 1025 kbytes/second burst 1023 kbytes;ok +limit rate over 1025 mbytes/second burst 1025 kbytes;ok +limit rate over 1025000 mbytes/second burst 1023 mbytes;ok diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload index a3c87d84..b0cc84b4 100644 --- a/tests/py/any/limit.t.payload +++ b/tests/py/any/limit.t.payload @@ -1,64 +1,128 @@ # limit rate 400/minute ip test-ip4 output - [ limit rate 400/minute burst 0 type packets ] + [ limit rate 400/minute burst 0 type packets flags 0x0 ] # limit rate 20/second ip test-ip4 output - [ limit rate 20/second burst 0 type packets ] + [ limit rate 20/second burst 0 type packets flags 0x0 ] # limit rate 400/hour ip test-ip4 output - [ limit rate 400/hour burst 0 type packets ] + [ limit rate 400/hour burst 0 type packets flags 0x0 ] # limit rate 400/week ip test-ip4 output - [ limit rate 400/week burst 0 type packets ] + [ limit rate 400/week burst 0 type packets flags 0x0 ] # limit rate 40/day ip test-ip4 output - [ limit rate 40/day burst 0 type packets ] + [ limit rate 40/day burst 0 type packets flags 0x0 ] # limit rate 1023/second burst 10 packets ip test-ip4 output - [ limit rate 1023/second burst 10 type packets ] + [ limit rate 1023/second burst 10 type packets flags 0x0 ] # limit rate 1 kbytes/second ip test-ip4 output - [ limit rate 1024/second burst 0 type bytes ] + [ limit rate 1024/second burst 0 type bytes flags 0x0 ] # limit rate 2 kbytes/second ip test-ip4 output - [ limit rate 2048/second burst 0 type bytes ] + [ limit rate 2048/second burst 0 type bytes flags 0x0 ] # limit rate 1025 kbytes/second ip test-ip4 output - [ limit rate 1049600/second burst 0 type bytes ] + [ limit rate 1049600/second burst 0 type bytes flags 0x0 ] # limit rate 1023 mbytes/second ip test-ip4 output - [ limit rate 1072693248/second burst 0 type bytes ] + [ limit rate 1072693248/second burst 0 type bytes flags 0x0 ] # limit rate 10230 mbytes/second ip test-ip4 output - [ limit rate 10726932480/second burst 0 type bytes ] + [ limit rate 10726932480/second burst 0 type bytes flags 0x0 ] # limit rate 1023000 mbytes/second ip test-ip4 output - [ limit rate 1072693248000/second burst 0 type bytes ] + [ limit rate 1072693248000/second burst 0 type bytes flags 0x0 ] # limit rate 1025 bytes/second burst 512 bytes ip test-ip4 output - [ limit rate 1025/second burst 512 type bytes ] + [ limit rate 1025/second burst 512 type bytes flags 0x0 ] # limit rate 1025 kbytes/second burst 1023 kbytes ip test-ip4 output - [ limit rate 1049600/second burst 1047552 type bytes ] + [ limit rate 1049600/second burst 1047552 type bytes flags 0x0 ] # limit rate 1025 mbytes/second burst 1025 kbytes ip test-ip4 output - [ limit rate 1074790400/second burst 1049600 type bytes ] + [ limit rate 1074790400/second burst 1049600 type bytes flags 0x0 ] # limit rate 1025000 mbytes/second burst 1023 mbytes ip test-ip4 output - [ limit rate 1074790400000/second burst 1072693248 type bytes ] + [ limit rate 1074790400000/second burst 1072693248 type bytes flags 0x0 ] + +# limit rate over 400/minute +ip test-ip4 output + [ limit rate 400/minute burst 0 type packets flags 0x1 ] + +# limit rate over 20/second +ip test-ip4 output + [ limit rate 20/second burst 0 type packets flags 0x1 ] + +# limit rate over 400/hour +ip test-ip4 output + [ limit rate 400/hour burst 0 type packets flags 0x1 ] + +# limit rate over 400/week +ip test-ip4 output + [ limit rate 400/week burst 0 type packets flags 0x1 ] + +# limit rate over 40/day +ip test-ip4 output + [ limit rate 40/day burst 0 type packets flags 0x1 ] + +# limit rate over 1023/second burst 10 packets +ip test-ip4 output + [ limit rate 1023/second burst 10 type packets flags 0x1 ] + +# limit rate over 1 kbytes/second +ip test-ip4 output + [ limit rate 1024/second burst 0 type bytes flags 0x1 ] + +# limit rate over 2 kbytes/second +ip test-ip4 output + [ limit rate 2048/second burst 0 type bytes flags 0x1 ] + +# limit rate over 1025 kbytes/second +ip test-ip4 output + [ limit rate 1049600/second burst 0 type bytes flags 0x1 ] + +# limit rate over 1023 mbytes/second +ip test-ip4 output + [ limit rate 1072693248/second burst 0 type bytes flags 0x1 ] + +# limit rate over 10230 mbytes/second +ip test-ip4 output + [ limit rate 10726932480/second burst 0 type bytes flags 0x1 ] + +# limit rate over 1023000 mbytes/second +ip test-ip4 output + [ limit rate 1072693248000/second burst 0 type bytes flags 0x1 ] + +# limit rate over 1025 bytes/second burst 512 bytes +ip test-ip4 output + [ limit rate 1025/second burst 512 type bytes flags 0x1 ] + +# limit rate over 1025 kbytes/second burst 1023 kbytes +ip test-ip4 output + [ limit rate 1049600/second burst 1047552 type bytes flags 0x1 ] + +# limit rate over 1025 mbytes/second burst 1025 kbytes +ip test-ip4 output + [ limit rate 1074790400/second burst 1049600 type bytes flags 0x1 ] + +# limit rate over 1025000 mbytes/second burst 1023 mbytes +ip test-ip4 output + [ limit rate 1074790400000/second burst 1072693248 type bytes flags 0x1 ] -- cgit v1.2.3