netfilter: nft_limit: fix packet ratelimiting - kernel/linux.git

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-05-16 23:58:33 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-05-23 10:50:28 +0300
commit	3e0f64b7dd3149f75e8652ff1df56cffeedc8fc1 (patch)
tree	f5ed936c6660e06ceda2ccace703f2b3993c0df3 /tools/perf/scripts/python/call-graph-from-sql.py
parent	97a0549b15a0b466c47f6a0143a490a082c64b4e (diff)
download	linux-3e0f64b7dd3149f75e8652ff1df56cffeedc8fc1.tar.xz

netfilter: nft_limit: fix packet ratelimiting

Credit calculations for the packet ratelimiting are not correct, as per the applied ratelimit of 25/second and burst 8, a total of 33 packets should have been accepted. This is true in iptables(33) but not in nftables (~65). For packet ratelimiting, use: div_u64(limit->nsecs, limit->rate) * limit->burst; to calculate credit, just like in iptables' xt_limit does. Moreover, use default burst in iptables, users are expecting similar behaviour. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-sql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: