Re: [nft PATCH] parser: extend limit statement syntax.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2021-10-27, at 11:31:19 +0200, Pablo Neira Ayuso wrote:
> On Wed, Oct 27, 2021 at 11:21:42AM +0200, Pablo Neira Ayuso wrote:
> > On Sun, Oct 03, 2021 at 03:58:32PM +0100, Jeremy Sowden wrote:
> > > On 2021-10-02, at 16:22:30 +0100, Jeremy Sowden wrote:
> > > > The documentation describes the syntax of limit statements thus:
> > > >
> > > >   limit rate [over] packet_number / TIME_UNIT [burst packet_number packets]
> > > >   limit rate [over] byte_number BYTE_UNIT / TIME_UNIT [burst byte_number BYTE_UNIT]
> > > >
> > > >   TIME_UNIT := second | minute | hour | day
> > > >   BYTE_UNIT := bytes | kbytes | mbytes
> > > >
> > > > This implies that one may specify a limit as either of the following:
> > > >
> > > >   limit rate 1048576 / second
> > > >   limit rate 1048576 mbytes / second
> > > >
> > > > However, the latter currently does not parse:
> > > >
> > > >   $ sudo /usr/sbin/nft add filter input limit rate 1048576 mbytes / second
> > > >   Error: wrong rate format
> > > >   add filter input limit rate 1048576 mbytes / second
> > > >                    ^^^^^^^^^^^^^^^^^^^^^^^^^
> > > >
> > > > Extend the parser to support it.
> > > >
> > > > Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
> > > > ---
> > > >
> > > > I can't help thinking that it ought to be possible to fold the two
> > > >
> > > >   limit rate [over] byte_number BYTE_UNIT / TIME_UNIT [burst byte_number BYTE_UNIT]
> > > >
> > > > rules into one.  However, my attempts to get the scanner to tokenize
> > > > "bytes/second" as "bytes" "/" "second" (for example) failed.
> > >
> > > Having reread the Flex manual, I've changed my mind.  While it would be
> > > possible, it would be rather fiddly and require more effort than it
> > > would be worth.
> >
> > I can apply this workaround meanwhile we have a better solution for
> > this if this is an issue on your side.
> >
> > Did you get any bug report regarding this?
>
> Another possibility is to remove the existing call to rate_parse().
>
> the bison parser accepts both:
>
> add filter input limit rate 1048576 mbytes / second
> add filter input limit rate 1048576 mbytes/second
>
> after your update, right? I'm missing a few deletions in this previous
> (the existing rules). I think there's a way to consolidate this bison
> rule.

I'll take another look.

J.

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux