RE: iptables Configured ratelimit is not same as the rule shown in Rule display

Hi John,

Thanks for the reply.

Can this rounding error be corrected, or will the behaviour be to rate-limit traffic once 303 is exceeded?

Regards
Naveen S

-----Original Message-----
From: John Haxby <john.haxby@xxxxxxxxxx> 
Sent: Thursday, February 28, 2019 3:22 PM
To: Shivegowda, Naveen (Nokia - IN/Bangalore) <naveen.shivegowda@xxxxxxxxx>
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: iptables Configured ratelimit is not same as the rule shown in Rule display



> On 28 Feb 2019, at 09:28, Shivegowda, Naveen (Nokia - IN/Bangalore) <naveen.shivegowda@xxxxxxxxx> wrote:
> 
> When I try to configure rate limit values with a certain number, in Rule display 'configured number + additional number' is shown as rate-limit value.
> 
> iptables -A TEST -p tcp -m limit --limit 300  -j ACCEPT
> iptables -nvL TEST
> Chain TEST (0 references)
> pkts bytes target     prot opt in     out     source               destination
>    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 303/sec burst 5
> 
> Above behavior is same for rate-limit value starting from 295 until 303.
> I wanted to know the reason behind additional number getting added to the original rate-limit value used during configuration.

It's a rounding error. The limit you've asked for is 300/sec but as the time resolution isn't an exact multiple of 300 ticks per second you'll get a rounding error.

jch
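
The rounding described in this thread, worked through as an added example (not code from the thread or from iptables). It assumes the limit match stores the rate as a whole number of 1/10000-second units per packet; the scale constant and all function names here are illustrative.

```c
#include <stdio.h>

/* Assumption: the limit match keeps the per-packet interval as an
 * integer count of 1/10000-second units. */
#define LIMIT_SCALE 10000u

/* Interval stored for "--limit <rate>/sec"; 0 means not representable. */
static unsigned stored_interval(unsigned rate)
{
    if (rate == 0 || rate > LIMIT_SCALE)
        return 0;
    return LIMIT_SCALE / rate;      /* integer division truncates */
}

/* Rate recovered from a stored interval, as a rule listing would show it. */
static unsigned displayed_rate(unsigned interval)
{
    return interval ? LIMIT_SCALE / interval : 0;
}

/* Lowest and highest requested rates sharing the interval of `rate`.
 * Returns 0 on success, -1 if `rate` is not representable. */
static int collapse_range(unsigned rate, unsigned *lo, unsigned *hi)
{
    unsigned iv = stored_interval(rate);
    if (iv == 0)
        return -1;
    *lo = LIMIT_SCALE / (iv + 1) + 1;   /* first rate that truncates to iv */
    *hi = LIMIT_SCALE / iv;             /* last rate that truncates to iv */
    return 0;
}

int main(void)
{
    /* Constructed sample rates around the 300/sec from the thread. */
    const unsigned samples[] = { 250, 294, 295, 300, 303, 304 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned lo = 0, hi = 0, iv = stored_interval(samples[i]);
        collapse_range(samples[i], &lo, &hi);
        printf("asked %u/sec  interval %u  shown %u/sec  (same for %u..%u)\n",
               samples[i], iv, displayed_rate(iv), lo, hi);
    }
    return 0;
}
```

Under that assumption, every rate from 295 to 303 is stored as the same interval, which is why the listing shows 303/sec for all of them, while a rate that divides the scale evenly (such as 250) is shown unchanged.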



