aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2017-01-15 10:34:40 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2017-01-15 10:34:40 +0100
commitdec3e2dbcc6e63b92e899a001816fabeea86cc76 (patch)
treef37902284847213cd0ce54cfd7e12503b06da5ea
parentUse __read_mostly attribute when possible (diff)
downloadwireguard-monolithic-historical-dec3e2dbcc6e63b92e899a001816fabeea86cc76.tar.xz
wireguard-monolithic-historical-dec3e2dbcc6e63b92e899a001816fabeea86cc76.zip
ratelimiter: 800ms too fast, decrease to 2s sustained rate
-rw-r--r--src/ratelimiter.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ratelimiter.c b/src/ratelimiter.c
index c45d7ce..12282fd 100644
--- a/src/ratelimiter.c
+++ b/src/ratelimiter.c
@@ -14,7 +14,7 @@ static struct xt_match *v6_match __read_mostly;
#endif
enum {
- RATELIMITER_PACKETS_PER_SECOND = 75,
+ RATELIMITER_PACKETS_PER_SECOND = 30,
RATELIMITER_PACKETS_BURSTABLE = 5
};
@@ -26,7 +26,7 @@ static inline void cfg_init(struct hashlimit_cfg1 *cfg, int family)
else if (family == NFPROTO_IPV6)
cfg->srcmask = 96;
cfg->mode = XT_HASHLIMIT_HASH_SIP; /* source IP only -- we could also do source port by ORing this with XT_HASHLIMIT_HASH_SPT */
- cfg->avg = XT_HASHLIMIT_SCALE / RATELIMITER_PACKETS_PER_SECOND; /* 75 per second per IP */
+ cfg->avg = XT_HASHLIMIT_SCALE / RATELIMITER_PACKETS_PER_SECOND; /* 30 per second per IP */
cfg->burst = RATELIMITER_PACKETS_BURSTABLE; /* Allow bursts of 5 at a time */
cfg->gc_interval = 1000; /* same as expiration date */
cfg->expire = 1000; /* Units of avg (seconds = 1) times 1000 */