path: root/tests/xmlfiles/75-ruleset.xml
diff options
authorPhil Oester <>2013-10-22 10:48:22 +0200
committerPablo Neira Ayuso <>2013-10-22 10:49:02 +0200
commite91ea14da66759c71d5c2a581b82c2508a02f60a (patch)
treeeaf91c52854f877bf66e130962b90d164fcc4220 /tests/xmlfiles/75-ruleset.xml
parentbc7b5e747f70d229ca5d5fb0709548a47e2830fc (diff)
expr: limit: operational limit match
The nft limit match currently does not work at all. Below patches to nftables, libnftables, and kernel address the issue. A few notes on the implementation: - Removed support for nano/micro/milli second limits. These seem pointless, given we are using jiffies in the limit match, not a hpet. And who really needs to limit items down to sub-second level?? - 'depth' member is removed as unnecessary. All we need in the kernel is the rate and the unit. - 'stamp' member becomes the time we need to next refresh the token bucket, instead of being updated on every packet which goes through the match. This closes netfilter bugzilla #827, reported by Eric Leblond. Signed-off-by: Phil Oester <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'tests/xmlfiles/75-ruleset.xml')
0 files changed, 0 insertions, 0 deletions