<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - unable to use limit with counter in meters"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1267">1267</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>unable to use limit with counter in meters
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Gentoo
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>karel@unitednetworks.cz
          </td>
        </tr></table>
      <p>
        <div>
        <pre>It looks like nft doesnt allow counter after limit inside of meter.

counter after limit:
--------------------

localhost ~ # nft add rule filter INPUT icmp type echo-request meter
icmp-spammer { ip saddr limit rate over 10/second burst 30 packets counter}
counter drop
Error: syntax error, unexpected counter, expecting '}'
add rule filter INPUT icmp type echo-request meter icmp-spammer { ip saddr
limit rate over 10/second burst 30 packets counter} counter drop


counter before limit (just for test):
-------------------------------------
                                                                               
                                                  localhost ~ # nft add rule
filter INPUT icmp type echo-request meter icmp-spammer { ip saddr counter limit
rate over 10/second burst 30 packets} counter drop
Error: syntax error, unexpected limit, expecting '}'
add rule filter INPUT icmp type echo-request meter icmp-spammer { ip saddr
counter limit rate over 10/second burst 30 packets} counter drop


without counter adding rule works:
----------------------------------

localhost ~ # nft add rule filter INPUT icmp type echo-request meter
icmp-spammer { ip saddr limit rate over 10/second burst 30 packets} counter
drop


Without limit counter in meter works, e.g.:
-------------------------------------------

localhost ~ # nft add rule filter INPUT icmp type echo-request meter icmp-meter
{ ip saddr counter }   



Expected behaviour: counter after limit inside meter should count packets/bytes
which got through limit (which are under limit, or when using "over" keyword
which are over limit).</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>