Re: iptables Configured ratelimit is not same as the rule shown in Rule display

> On 28 Feb 2019, at 09:28, Shivegowda, Naveen (Nokia - IN/Bangalore) <naveen.shivegowda@xxxxxxxxx> wrote:
> 
> When I try to configure rate limit values with a certain number, the rule display shows 'configured number + additional number' as the rate-limit value.
> 
> iptables -A TEST -p tcp -m limit --limit 300  -j ACCEPT
> iptables -nvL TEST
> Chain TEST (0 references)
> pkts bytes target     prot opt in     out     source               destination
>    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 303/sec burst 5
> 
> The above behavior is the same for rate-limit values starting from 295 until 303.
> I wanted to know the reason behind the additional number getting added to the original rate-limit value used during configuration.

It's a rounding error. The limit you've asked for is 300/sec but as the time resolution isn't an exact multiple of 300 ticks per second you'll get a rounding error.

jch
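
The rounding described in this reply, reproduced as an added example (not code from the thread or from iptables itself). It assumes the limit match stores the rate as an average interval between packets in units of 1/10000 second and uses integer division in both directions; the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: the limit match keeps the rate as the average interval
 * between packets, counted in 1/10000-second units. */
#define LIMIT_SCALE 10000u

/* Hypothetical helper: interval stored for "--limit <rate>" (per second).
 * Returns 0 for rates that cannot be represented. */
static uint32_t stored_interval(uint32_t rate_per_sec)
{
    if (rate_per_sec == 0 || rate_per_sec > LIMIT_SCALE)
        return 0;
    return LIMIT_SCALE / rate_per_sec;      /* integer division truncates */
}

/* Hypothetical helper: rate the rule listing derives from that interval. */
static uint32_t displayed_rate(uint32_t interval)
{
    return interval ? LIMIT_SCALE / interval : 0;
}

/* Configured rate -> stored interval -> rate shown in the listing. */
static uint32_t round_trip(uint32_t rate_per_sec)
{
    return displayed_rate(stored_interval(rate_per_sec));
}

/* Lowest and highest configured rates that are listed as the same value. */
static void same_display_range(uint32_t rate, uint32_t *lo, uint32_t *hi)
{
    uint32_t shown = round_trip(rate);
    *lo = *hi = rate;
    while (*lo > 1 && round_trip(*lo - 1) == shown) (*lo)--;
    while (*hi < LIMIT_SCALE && round_trip(*hi + 1) == shown) (*hi)++;
}

int main(void)
{
    uint32_t lo, hi;
    for (uint32_t r = 293; r <= 305; r++)
        printf("--limit %u -> interval %u -> listed as %u/sec\n",
               r, stored_interval(r), round_trip(r));
    same_display_range(300, &lo, &hi);
    printf("300/sec shares its stored interval with %u..%u\n", lo, hi);
    return 0;
}
```

Rates that divide 10000 evenly (100, 250, 500) come back unchanged; when reviewing a ruleset, treat the value in the listing as the one the rule actually holds, not the number typed on the command line.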
