On 21 August 2017 at 12:38, Andy Zhou <[email protected]> wrote: > Fixes: 96518518cc41 ("netfilter: add nftables") > > Current implementation treats the burst configuration the same as > rate configuration. This can cause the per packet cost to be lower > than configured. In effect, this bug causes the token bucket to be > refilled at a higher rate than what user has specified. > > This patch changes the implementation so that the token bucket size > is controlled by "rate + burst", while maintain the token bucket > refill rate the same as user specified. > > Signed-off-by: Andy Zhou <[email protected]>
Usually "Fixes" tag appears immediately above the signoff lines. This is the bug that we brought up during NFWS this year in Faro, how the burst was not acting as a burst but rather it just added to the rate. Acked-by: Joe Stringer <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
