Re: [patch nf] netfilter: nf_tables: Fix nft limit burst handling

On Mon, Aug 21, 2017 at 02:29:13PM -0700, Joe Stringer wrote:
> On 21 August 2017 at 12:38, Andy Zhou <azhou@xxxxxxx> wrote:
> > Fixes: 96518518cc41 ("netfilter: add nftables")
> >
> > Current implementation treats the burst configuration the same as
> > rate configuration. This can cause the per packet cost to be lower
> > than configured. In effect, this bug causes the token bucket to be
> > refilled at a higher rate than what the user has specified.
> >
> > This patch changes the implementation so that the token bucket size
> > is controlled by "rate + burst", while maintaining the token bucket
> > refill rate the same as the user specified.
> >
> > Signed-off-by: Andy Zhou <azhou@xxxxxxx>
> 
> Usually "Fixes" tag appears immediately above the signoff lines.
> 
> This is the bug that we brought up during NFWS this year in Faro, how
> the burst was not acting as a burst but rather it just added to the
> rate.
> 
> Acked-by: Joe Stringer <joe@xxxxxxx>

Applied, thanks a lot for this fix.
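
The burst-versus-rate distinction from the quoted commit message, as a user-space simulation added here; it is not the patch and not the kernel's code. The struct, the function names and the input (limit of 10 packets/second, burst 5, 1000 packets/second offered) are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NSEC_PER_SEC 1000000000ULL

/* Simplified token bucket (a model, not kernel code); one token = 1 ns elapsed. */
struct bucket {
    uint64_t tokens;     /* current fill */
    uint64_t tokens_max; /* bucket size */
    uint64_t cost;       /* tokens charged per packet */
};

/* Described bug: burst handled like rate, so each packet is charged less. */
static struct bucket burst_as_rate(uint64_t rate, uint64_t burst)
{
    struct bucket b = { NSEC_PER_SEC, NSEC_PER_SEC, NSEC_PER_SEC / (rate + burst) };
    return b;
}

/* Described fix: bucket holds rate + burst packets, cost comes from rate only. */
static struct bucket burst_as_size(uint64_t rate, uint64_t burst)
{
    uint64_t cost = NSEC_PER_SEC / rate;
    struct bucket b = { cost * (rate + burst), cost * (rate + burst), cost };
    return b;
}

/* Offer evenly spaced packets at offered_pps for secs seconds; count those that pass. */
static uint64_t packets_passed(struct bucket b, uint64_t offered_pps, uint64_t secs)
{
    uint64_t gap = NSEC_PER_SEC / offered_pps, passed = 0;
    for (uint64_t i = 0; i < offered_pps * secs; i++) {
        b.tokens += gap;                 /* refill for the time elapsed */
        if (b.tokens > b.tokens_max) b.tokens = b.tokens_max;
        if (b.tokens >= b.cost) {        /* enough credit: packet passes */
            b.tokens -= b.cost;
            passed++;
        }
    }
    return passed;
}

int main(void)
{
    /* Constructed input: limit 10 packets/second, burst 5, 1000 pps offered for 10 s. */
    uint64_t bug = packets_passed(burst_as_rate(10, 5), 1000, 10);
    uint64_t fix = packets_passed(burst_as_size(10, 5), 1000, 10);
    printf("burst as rate: %llu, burst as size: %llu\n", (unsigned long long)bug, (unsigned long long)fix);
    return 0;
}
```

Comparing a 10-second and a 20-second run separates the one-time burst allowance from the sustained rate: the first model keeps admitting 15 packets per second, the second settles at the configured 10.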