On 01/03/2019 08:57 AM, Florian Westphal wrote:
Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx> wrote:
I'm afraid I don't understand the rest of the email. Are you saying the only issue is that I need to declare it as an "over" quota?
table inet filter {
quota myq {
over 10 mbytes
}
chain input {
type filter hook input priority filter; policy accept;
quota name "myq" drop
}
}
Traffic comes to a screeching halt after ~10 mbytes, and resumes some
time after 'nft reset quotas'.
aha. In this scenario is 'quota name "myq"' a match or an action? If I
do something like I have three conditions I want to have count towards
the quota, so I use the "quota" as an action:
mark 0x123 quota name "myq"
mark 0x345 quota name "myq"
mark 0x567 quota name "myq"
#now I want to drop if the quota is over
quota name "myq" drop
in the last line there, am I double counting packets because I'm calling
the quota again?
