On 21 August 2017 at 12:38, Andy Zhou <azhou@xxxxxxx> wrote:
> Fixes: 96518518cc41 ("netfilter: add nftables")
>
> Current implementation treats the burst configuration the same as
> rate configuration. This can cause the per packet cost to be lower
> than configured. In effect, this bug causes the token bucket to be
> refilled at a higher rate than what user has specified.
>
> This patch changes the implementation so that the token bucket size
> is controlled by "rate + burst", while maintain the token bucket
> refill rate the same as user specified.
>
> Signed-off-by: Andy Zhou <azhou@xxxxxxx>
Usually "Fixes" tag appears immediately above the signoff lines.
This is the bug that we brought up during NFWS this year in Faro, how
the burst was not acting as a burst but rather it just added to the
rate.
Acked-by: Joe Stringer <joe@xxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
