Hi, how far can I push --hashlimit-htable-max size? I did some tests with 262144: -m hashlimit --hashlimit-mode srcip --hashlimit-name testlimiter --hashlimit 1/s --hashlimit-burst 10 --hashlimit-htable-size 4096 --hashlimit-htable-max 262144 -j RETURN but it wasn't holding: xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:05 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:10 white kernel: net_ratelimit: 239072 callbacks suppressed xxxx:11:10 white kernel: xt_hashlimit: max count of 262144 reached xxxx:11:10 white kernel: xt_hashlimit: max count of 262144 reached Am I doing it wrong? Should I set hashlimit-htable-size = hashlimit-htable-max in order to achieve better performance and map 1 IP to 1 bucket? I even tried to take a look at the module source code but I'm not skilled enough to fully understand it :D I'm asking if there is some in-depth documentation about how hashlimit-htable-max interact with the other parameters(--hashlimit-htable-expire & --hashlimit-htable-gcinterval) in order to handle high traffic flows or if anyone got real world experience taking hashlimit to the limit :) Thank you -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
