From 702eff5b5b748842d27811dfb22ed0c7e7003a97 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 30 Aug 2022 16:51:35 +0200 Subject: src: allow burst 0 for byte ratelimit and use it as default Packet-based limit burst is set to 5, as in iptables. However, byte-based limit burst adds to the rate to calculate the bucket size, and this is also sets this to 5 (... bytes in this case). Update it to use zero byte burst by default instead. This patch also updates manpage to describe how the burst value influences the kernel module's token bucket in each of the two modes. This documentation update is based on original text by Phil Sutter. Adjust tests/py to silence warnings due to mismatching byte burst. Fixes: 285baccfea46 ("src: disallow burst 0 in ratelimits") Acked-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- tests/py/any/limit.t.json | 6 +++--- tests/py/any/limit.t.json.output | 24 ++++++++++++------------ tests/py/any/limit.t.payload | 30 +++++++++++++++--------------- 3 files changed, 30 insertions(+), 30 deletions(-) (limited to 'tests/py/any') diff --git a/tests/py/any/limit.t.json b/tests/py/any/limit.t.json index b41ae60a..e001ba0f 100644 --- a/tests/py/any/limit.t.json +++ b/tests/py/any/limit.t.json @@ -129,7 +129,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 1, @@ -142,7 +142,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 1, @@ -155,7 +155,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 1, diff --git a/tests/py/any/limit.t.json.output b/tests/py/any/limit.t.json.output index e6f26496..5a95f5e1 100644 --- a/tests/py/any/limit.t.json.output +++ b/tests/py/any/limit.t.json.output @@ -57,7 +57,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 1, @@ -70,7 +70,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 2, @@ -83,7 +83,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 1025, @@ -96,7 +96,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 1023, @@ -109,7 +109,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 10230, @@ -122,7 +122,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "per": "second", "rate": 1023000, @@ -195,7 +195,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "inv": true, "per": "second", @@ -209,7 +209,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "inv": true, "per": "second", @@ -223,7 +223,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "inv": true, "per": "second", @@ -237,7 +237,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "inv": true, "per": "second", @@ -251,7 +251,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "inv": true, "per": "second", @@ -265,7 +265,7 @@ [ { "limit": { - "burst": 5, + "burst": 0, "burst_unit": "bytes", "inv": true, "per": "second", diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload index 3bd85f4e..0c7ee942 100644 --- a/tests/py/any/limit.t.payload +++ b/tests/py/any/limit.t.payload @@ -24,39 +24,39 @@ ip test-ip4 output # limit rate 1 kbytes/second ip test-ip4 output - [ limit rate 1024/second burst 5 type bytes flags 0x0 ] + [ limit rate 1024/second burst 0 type bytes flags 0x0 ] # limit rate 2 kbytes/second ip test-ip4 output - [ limit rate 2048/second burst 5 type bytes flags 0x0 ] + [ limit rate 2048/second burst 0 type bytes flags 0x0 ] # limit rate 1025 kbytes/second ip test-ip4 output - [ limit rate 1049600/second burst 5 type bytes flags 0x0 ] + [ limit rate 1049600/second burst 0 type bytes flags 0x0 ] # limit rate 1023 mbytes/second ip test-ip4 output - [ limit rate 1072693248/second burst 5 type bytes flags 0x0 ] + [ limit rate 1072693248/second burst 0 type bytes flags 0x0 ] # limit rate 10230 mbytes/second ip test-ip4 output - [ limit rate 10726932480/second burst 5 type bytes flags 0x0 ] + [ limit rate 10726932480/second burst 0 type bytes flags 0x0 ] # limit rate 1023000 mbytes/second ip test-ip4 output - [ limit rate 1072693248000/second burst 5 type bytes flags 0x0 ] + [ limit rate 1072693248000/second burst 0 type bytes flags 0x0 ] # limit rate 1 bytes / second ip - [ limit rate 1/second burst 5 type bytes flags 0x0 ] + [ limit rate 1/second burst 0 type bytes flags 0x0 ] # limit rate 1 kbytes / second ip - [ limit rate 1024/second burst 5 type bytes flags 0x0 ] + [ limit rate 1024/second burst 0 type bytes flags 0x0 ] # limit rate 1 mbytes / second ip - [ limit rate 1048576/second burst 5 type bytes flags 0x0 ] + [ limit rate 1048576/second burst 0 type bytes flags 0x0 ] # limit rate 1025 bytes/second burst 512 bytes @@ -101,27 +101,27 @@ ip test-ip4 output # limit rate over 1 kbytes/second ip test-ip4 output - [ limit rate 1024/second burst 5 type bytes flags 0x1 ] + [ limit rate 1024/second burst 0 type bytes flags 0x1 ] # limit rate over 2 kbytes/second ip test-ip4 output - [ limit rate 2048/second burst 5 type bytes flags 0x1 ] + [ limit rate 2048/second burst 0 type bytes flags 0x1 ] # limit rate over 1025 kbytes/second ip test-ip4 output - [ limit rate 1049600/second burst 5 type bytes flags 0x1 ] + [ limit rate 1049600/second burst 0 type bytes flags 0x1 ] # limit rate over 1023 mbytes/second ip test-ip4 output - [ limit rate 1072693248/second burst 5 type bytes flags 0x1 ] + [ limit rate 1072693248/second burst 0 type bytes flags 0x1 ] # limit rate over 10230 mbytes/second ip test-ip4 output - [ limit rate 10726932480/second burst 5 type bytes flags 0x1 ] + [ limit rate 10726932480/second burst 0 type bytes flags 0x1 ] # limit rate over 1023000 mbytes/second ip test-ip4 output - [ limit rate 1072693248000/second burst 5 type bytes flags 0x1 ] + [ limit rate 1072693248000/second burst 0 type bytes flags 0x1 ] # limit rate over 1025 bytes/second burst 512 bytes ip test-ip4 output -- cgit v1.2.3