From dd0e717827d8dff3b762a8ebbf15bf57aa4012cb Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Fri, 29 Oct 2021 21:40:09 +0100 Subject: parser: extend limit syntax The documentation describes the syntax of limit statements thus: limit rate [over] packet_number / TIME_UNIT [burst packet_number packets] limit rate [over] byte_number BYTE_UNIT / TIME_UNIT [burst byte_number BYTE_UNIT] TIME_UNIT := second | minute | hour | day BYTE_UNIT := bytes | kbytes | mbytes From this one might infer that a limit may be specified by any of the following: limit rate 1048576/second limit rate 1048576 mbytes/second limit rate 1048576 / second limit rate 1048576 mbytes / second However, the last does not currently parse: $ sudo /usr/sbin/nft add filter input limit rate 1048576 mbytes / second Error: wrong rate format add filter input limit rate 1048576 mbytes / second ^^^^^^^^^^^^^^^^^^^^^^^^^ Extend the `limit_rate_bytes` parser rule to support it, and add some new Python test-cases. Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso --- tests/py/any/limit.t | 5 +++++ tests/py/any/limit.t.json | 39 +++++++++++++++++++++++++++++++++++++++ tests/py/any/limit.t.payload | 13 +++++++++++++ 3 files changed, 57 insertions(+) (limited to 'tests/py') diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t index 0110e77f..86e8d430 100644 --- a/tests/py/any/limit.t +++ b/tests/py/any/limit.t @@ -25,6 +25,11 @@ limit rate 10230 mbytes/second;ok limit rate 1023000 mbytes/second;ok limit rate 512 kbytes/second burst 5 packets;fail +limit rate 1 bytes / second;ok;limit rate 1 bytes/second +limit rate 1 kbytes / second;ok;limit rate 1 kbytes/second +limit rate 1 mbytes / second;ok;limit rate 1 mbytes/second +limit rate 1 gbytes / second;fail + limit rate 1025 bytes/second burst 512 bytes;ok limit rate 1025 kbytes/second burst 1023 kbytes;ok limit rate 1025 mbytes/second burst 1025 kbytes;ok diff --git a/tests/py/any/limit.t.json b/tests/py/any/limit.t.json index 8bab7e3d..b41ae60a 100644 --- a/tests/py/any/limit.t.json +++ b/tests/py/any/limit.t.json @@ -125,6 +125,45 @@ } ] +# limit rate 1 bytes / second +[ + { + "limit": { + "burst": 5, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "bytes" + } + } +] + +# limit rate 1 kbytes / second +[ + { + "limit": { + "burst": 5, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "kbytes" + } + } +] + +# limit rate 1 mbytes / second +[ + { + "limit": { + "burst": 5, + "burst_unit": "bytes", + "per": "second", + "rate": 1, + "rate_unit": "mbytes" + } + } +] + # limit rate 1025 bytes/second burst 512 bytes [ { diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload index dc6cea9b..3bd85f4e 100644 --- a/tests/py/any/limit.t.payload +++ b/tests/py/any/limit.t.payload @@ -46,6 +46,19 @@ ip test-ip4 output ip test-ip4 output [ limit rate 1072693248000/second burst 5 type bytes flags 0x0 ] +# limit rate 1 bytes / second +ip + [ limit rate 1/second burst 5 type bytes flags 0x0 ] + +# limit rate 1 kbytes / second +ip + [ limit rate 1024/second burst 5 type bytes flags 0x0 ] + +# limit rate 1 mbytes / second +ip + [ limit rate 1048576/second burst 5 type bytes flags 0x0 ] + + # limit rate 1025 bytes/second burst 512 bytes ip test-ip4 output [ limit rate 1025/second burst 512 type bytes flags 0x0 ] -- cgit v1.2.3