On Wed, Jun 12, 2024 at 06:00:54PM +0200, Fabio Pedretti wrote: > Hi, thanks. > It looks like there is still a limit of 255 for hitcount (and > ip_pkt_list_tot), right? Yeah, that's a kernel limitation, namely XT_RECENT_MAX_NSTAMPS. We may lift or even drop that, but it will require a separate patch either way. > Maybe leave: > The maximum value for the hitcount parameter is 255. > > Even better, remove the limit? :) I see that struct recent_table::nstamps_max_mask must hold the value of the next power of two of the given hitcount (minus one) and is currently a u8. So there will never be no limit, but one could use a u32 in that place and set XT_RECENT_MAX_NSTAMPS to 0xffffffff. I'll send a patch so we have something to discuss. Cheers, Phil
