Re: How to use named quota in filter rule?

Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx> wrote:
> On 01/03/2019 08:57 AM, Florian Westphal wrote:
> > Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx> wrote:
> > > I'm afraid I don't understand the rest of the email. Are you saying the only issue is that I need to declare it as an "over" quota?
> > table inet filter {
> >          quota myq {
> >                  over 10 mbytes
> >          }
> > 
> >          chain input {
> >                  type filter hook input priority filter; policy accept;
> >                  quota name "myq" drop
> >          }
> > }
> > 
> > Traffic comes to a screeching halt after ~10 mbytes, and resumes some
> > time after 'nft reset quotas'.
> 
> aha. In this scenario is 'quota name "myq"' a match or an action?

Both.

> If I do
> something like I have three conditions I want to have count towards the
> quota, so I use the "quota" as an action:
> 
> mark 0x123 quota name "myq"
> 
> mark 0x345 quota name "myq"
> 
> mark 0x567 quota name "myq"
> 
> #now I want to drop if the quota is over
> 
> quota name "myq" drop
> 
> in the last line there, am I double counting packets because I'm calling the
> quota again?

Yes, double-counting, but you do not need the last line, just add the
'drop' after the mark:

mark 0x123 quota name "myq" drop
mark 0x345 quota name "myq" drop

... and so on.
As long as the quota isn't exhausted, the 'drop' action won't be acted
on.
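The corrected ruleset from the reply above, assembled into one loadable nft file. This is an added example, not text from the thread; the table name, quota name, limit and mark values are the ones the thread uses, and the drop-on-overflow behaviour is as Florian describes it: each rule counts the packet against `myq`, and the rest of the rule (the `drop` verdict) is only reached once the quota is over its limit.

```nft
table inet filter {
        # Named (stateful) quota shared by every rule that references it.
        # "over" means the quota expression matches only after more than
        # 10 mbytes have been counted against it.
        quota myq {
                over 10 mbytes
        }

        chain input {
                type filter hook input priority filter; policy accept;

                # Each packet with one of these marks is counted against myq
                # exactly once, by the rule it matches. Until myq is over
                # 10 mbytes the quota expression does not match, so the rule
                # ends there and the packet is accepted by the chain policy.
                # Once myq is over, the quota expression matches and the
                # trailing verdict drops the packet.
                mark 0x123 quota name "myq" drop
                mark 0x345 quota name "myq" drop
                mark 0x567 quota name "myq" drop

                # Not needed, and harmful: a separate rule like
                #     quota name "myq" drop
                # would count every marked packet a second time.
        }
}
```

Load it with `nft -f <file>`; `nft list quota inet filter myq` shows the bytes consumed so far, and `nft reset quotas` (as in the thread) zeroes the counter so traffic resumes. Because only packets that actually reach a `quota name "myq"` expression are counted, rules placed earlier in the chain that accept traffic will keep that traffic out of the quota.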


