<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Allow limit to use any value for time unit"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1214">1214</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Allow limit to use any value for time unit
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>nft
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>boite.pour.spam@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>Currently, it's not possible to set a limit for, let's say, fifteen minutes.
This is completely arbitrary, and counter productive because there is a huge
gap between "mn" and "hour".
The underlying interface use seconds anyway since the specified unit is
converted to seconds in
<a href="http://git.netfilter.org/nftables/tree/src/datatype.c#n1074">http://git.netfilter.org/nftables/tree/src/datatype.c#n1074</a> , so it should be
possible to change:
"limit 10/mn" to "limit 10/300" (or "limit 10/300s")
This would require an additional line in the code from:
static struct error_record *time_unit_parse(const struct location *loc,
const char *str, uint64_t *unit)
{
if (strcmp(str, "second") == 0)
*unit = 1ULL;
else if (strcmp(str, "minute") == 0)
*unit = 1ULL * 60;
else if (strcmp(str, "hour") == 0)
*unit = 1ULL * 60 * 60;
else if (strcmp(str, "day") == 0)
*unit = 1ULL * 60 * 60 * 24;
else if (strcmp(str, "week") == 0)
*unit = 1ULL * 60 * 60 * 24 * 7;
else
return error(loc, "Wrong rate format");
return NULL;
}
to this:
static struct error_record *time_unit_parse(const struct location *loc,
const char *str, uint64_t *unit)
{
if (strcmp(str, "second") == 0)
*unit = 1ULL;
else if (strcmp(str, "minute") == 0)
*unit = 1ULL * 60;
else if (strcmp(str, "hour") == 0)
*unit = 1ULL * 60 * 60;
else if (strcmp(str, "day") == 0)
*unit = 1ULL * 60 * 60 * 24;
else if (strcmp(str, "week") == 0)
*unit = 1ULL * 60 * 60 * 24 * 7;
else if (strchr("123456789", *str)) /* Starts with a non zero number */
*unit = (unsigned long long)strtol(str, NULL, 10);
else
return error(loc, "Wrong rate format");
return NULL;
}
The bison code should also be modified to allow number here:
limit_stmt : LIMIT RATE limit_mode NUM SLASH time_unit
limit_burst
{
$$ = limit_stmt_alloc(&@$);
$$->limit.rate = $4;
$$->limit.unit = $6;
$$->limit.burst = $7;
$$->limit.type = NFT_LIMIT_PKTS;
$$->limit.flags = $3;
}
should read (kind of, untested):
limit_stmt : LIMIT RATE limit_mode NUM SLASH STRING
limit_burst
{
struct error_record *erec;
uint64_t unit;
erec = time_unit_parse(&@$, $5, &unit);
xfree($5);
if (erec != NULL) {
erec_queue(erec, state->msgs);
YYERROR;
}
$$ = limit_stmt_alloc(&@$);
$$->limit.rate = $4;
$$->limit.unit = unit;
$$->limit.burst = $7;
$$->limit.type = NFT_LIMIT_PKTS;
$$->limit.flags = $3;
}</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>