From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [nft PATCH v2 3/3] parser: extend limit syntax
Date: Fri, 29 Oct 2021 21:40:09 +0100 [thread overview]
Message-ID: <20211029204009.954315-4-jeremy@azazel.net> (raw)
In-Reply-To: <20211029204009.954315-1-jeremy@azazel.net>
The documentation describes the syntax of limit statements thus:
limit rate [over] packet_number / TIME_UNIT [burst packet_number packets]
limit rate [over] byte_number BYTE_UNIT / TIME_UNIT [burst byte_number BYTE_UNIT]
TIME_UNIT := second | minute | hour | day
BYTE_UNIT := bytes | kbytes | mbytes
From this one might infer that a limit may be specified by any of the
following:
limit rate 1048576/second
limit rate 1048576 mbytes/second
limit rate 1048576 / second
limit rate 1048576 mbytes / second
However, the last does not currently parse:
$ sudo /usr/sbin/nft add filter input limit rate 1048576 mbytes / second
Error: wrong rate format
add filter input limit rate 1048576 mbytes / second
^^^^^^^^^^^^^^^^^^^^^^^^^
Extend the `limit_rate_bytes` parser rule to support it, and add some
new Python test-cases.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
src/parser_bison.y | 5 +++++
tests/py/any/limit.t | 5 +++++
tests/py/any/limit.t.json | 39 ++++++++++++++++++++++++++++++++++++
tests/py/any/limit.t.payload | 13 ++++++++++++
4 files changed, 62 insertions(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index cf1e139d42f3..65fd35a36cde 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3268,6 +3268,11 @@ limit_rate_bytes : NUM STRING
$$.rate = rate * $1;
$$.unit = unit;
}
+ | limit_bytes SLASH time_unit
+ {
+ $$.rate = $1;
+ $$.unit = $3;
+ }
;
limit_bytes : NUM BYTES { $$ = $1; }
diff --git a/tests/py/any/limit.t b/tests/py/any/limit.t
index 0110e77f2e85..86e8d43009b9 100644
--- a/tests/py/any/limit.t
+++ b/tests/py/any/limit.t
@@ -25,6 +25,11 @@ limit rate 10230 mbytes/second;ok
limit rate 1023000 mbytes/second;ok
limit rate 512 kbytes/second burst 5 packets;fail
+limit rate 1 bytes / second;ok;limit rate 1 bytes/second
+limit rate 1 kbytes / second;ok;limit rate 1 kbytes/second
+limit rate 1 mbytes / second;ok;limit rate 1 mbytes/second
+limit rate 1 gbytes / second;fail
+
limit rate 1025 bytes/second burst 512 bytes;ok
limit rate 1025 kbytes/second burst 1023 kbytes;ok
limit rate 1025 mbytes/second burst 1025 kbytes;ok
diff --git a/tests/py/any/limit.t.json b/tests/py/any/limit.t.json
index 8bab7e3d79b4..b41ae60a3bd6 100644
--- a/tests/py/any/limit.t.json
+++ b/tests/py/any/limit.t.json
@@ -125,6 +125,45 @@
}
]
+# limit rate 1 bytes / second
+[
+ {
+ "limit": {
+ "burst": 5,
+ "burst_unit": "bytes",
+ "per": "second",
+ "rate": 1,
+ "rate_unit": "bytes"
+ }
+ }
+]
+
+# limit rate 1 kbytes / second
+[
+ {
+ "limit": {
+ "burst": 5,
+ "burst_unit": "bytes",
+ "per": "second",
+ "rate": 1,
+ "rate_unit": "kbytes"
+ }
+ }
+]
+
+# limit rate 1 mbytes / second
+[
+ {
+ "limit": {
+ "burst": 5,
+ "burst_unit": "bytes",
+ "per": "second",
+ "rate": 1,
+ "rate_unit": "mbytes"
+ }
+ }
+]
+
# limit rate 1025 bytes/second burst 512 bytes
[
{
diff --git a/tests/py/any/limit.t.payload b/tests/py/any/limit.t.payload
index dc6cea9b2846..3bd85f4ebf45 100644
--- a/tests/py/any/limit.t.payload
+++ b/tests/py/any/limit.t.payload
@@ -46,6 +46,19 @@ ip test-ip4 output
ip test-ip4 output
[ limit rate 1072693248000/second burst 5 type bytes flags 0x0 ]
+# limit rate 1 bytes / second
+ip
+ [ limit rate 1/second burst 5 type bytes flags 0x0 ]
+
+# limit rate 1 kbytes / second
+ip
+ [ limit rate 1024/second burst 5 type bytes flags 0x0 ]
+
+# limit rate 1 mbytes / second
+ip
+ [ limit rate 1048576/second burst 5 type bytes flags 0x0 ]
+
+
# limit rate 1025 bytes/second burst 512 bytes
ip test-ip4 output
[ limit rate 1025/second burst 512 type bytes flags 0x0 ]
--
2.33.0
next prev parent reply other threads:[~2021-10-29 20:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-29 20:40 [nft PATCH v2 0/3] parser: refactor and extend limit rate rules Jeremy Sowden
2021-10-29 20:40 ` [nft PATCH v2 1/3] parser: add new `limit_bytes` rule Jeremy Sowden
2021-10-29 20:40 ` [nft PATCH v2 2/3] parser: add `limit_rate_pkts` and `limit_rate_bytes` rules Jeremy Sowden
2021-10-29 20:40 ` Jeremy Sowden [this message]
2021-11-02 11:44 ` [nft PATCH v2 0/3] parser: refactor and extend limit rate rules Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211029204009.954315-4-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).