[Bug 820] Quotas not limiting the exact specified limit

bugzilla-daemon at netfilter.org
Mon Jul 1 22:37:41 CEST 2013


Phil Oester <netfilter at linuxace.com> changed:

           What    |Removed                     |Added
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |WONTFIX
           Severity|critical                    |normal

--- Comment #8 from Phil Oester <netfilter at linuxace.com> 2013-07-01 22:37:38 CEST ---
I see the difference - you are using an old kernel, which does not have this

   commit 49daf6a22622d4e1619aeaad5f9f0472bf89daff
   Author: Changli Gao <xiaosuo at gmail.com>
   Date:   Fri Jul 23 14:07:47 2010 +0200

     xt_quota: report initial quota value instead of current value to userspace

     We should copy the initial value to userspace for iptables-save and
     to allow removal of specific quota rules.

So on newer kernels, you will always see the same quota value every time you run
iptables -L.  Perhaps you should upgrade?

Regardless, as previously stated, the per-cpu nature of iptables rulesets means
you should always use the same CPU (via taskset) if you wish to see the packet
counters increasing as they should.

Closing this bug - nothing can be done unfortunately.
