author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-01-15 10:34:40 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-01-15 10:34:40 +0100 |
commit | eb40185e00b7039269c620f4f733176861ca1d46 (patch) | |
tree | 2705b15ca7e4dc6612e35e1a51890f1eb333ef72 /src/ratelimiter.c | |
parent | 4da2ad92155a6f71012c25a47195637e48153446 (diff) |
ratelimiter: 800ms too fast, decrease to 2s sustained rate
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/ratelimiter.c')
-rw-r--r-- | src/ratelimiter.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ratelimiter.c b/src/ratelimiter.c
index c45d7ce..12282fd 100644
--- a/src/ratelimiter.c
+++ b/src/ratelimiter.c
@@ -14,7 +14,7 @@ static struct xt_match *v6_match __read_mostly;
 #endif
 enum {
- RATELIMITER_PACKETS_PER_SECOND = 75,
+ RATELIMITER_PACKETS_PER_SECOND = 30,
 RATELIMITER_PACKETS_BURSTABLE = 5
 };
@@ -26,7 +26,7 @@ static inline void cfg_init(struct hashlimit_cfg1 *cfg, int family)
 else if (family == NFPROTO_IPV6)
 cfg->srcmask = 96;
 cfg->mode = XT_HASHLIMIT_HASH_SIP; /* source IP only -- we could also do source port by ORing this with XT_HASHLIMIT_HASH_SPT */
- cfg->avg = XT_HASHLIMIT_SCALE / RATELIMITER_PACKETS_PER_SECOND; /* 75 per second per IP */
+ cfg->avg = XT_HASHLIMIT_SCALE / RATELIMITER_PACKETS_PER_SECOND; /* 30 per second per IP */
 cfg->burst = RATELIMITER_PACKETS_BURSTABLE; /* Allow bursts of 5 at a time */
 cfg->gc_interval = 1000; /* same as expiration date */
 cfg->expire = 1000; /* Units of avg (seconds = 1) times 1000 */ |
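Review bot: `RATELIMITER_PACKETS_PER_SECOND = 30` in the enum has no comment tying it to the "800ms" and "2s" in the commit title. Those figures only line up with 75 and 30 if one assumes a fixed count of 60 packets (60/75 = 0.8 s, 60/30 = 2 s), which nothing in the hunk states. A short comment on the enum recording the unit and the derivation, for example `/* sustained packets per second per source; 60 packets then take 2 s */`, would let the next tuning change be checked against intent. The 60-packet reading is inferred from the arithmetic and should be confirmed by the author.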
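Review bot: The lowered rate in cfg_init is still applied per source bucket, and the context line `cfg->srcmask = 96;` makes that bucket a /96 for IPv6. A single sender that holds a larger prefix, such as a routed /64, is therefore spread over many buckets, and the 30-per-second figure does not bound its aggregate rate. If the intent is to limit per subscriber, consider `cfg->srcmask = 64;` for NFPROTO_IPV6, or document why /96 was chosen. Separately, the comment `/* 30 per second per IP */` repeats the enum value and had to be edited in this commit to stay true; `/* RATELIMITER_PACKETS_PER_SECOND packets per second per source */` would not go stale, and the same applies to the "bursts of 5" comment. The body of cfg_init continues outside the hunk, so the IPv4 branch and any later fields were not reviewed.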