Re: [PATCH nf-next v2] netfilter: nft_quota: match correctly when the quota just depleted

On Thu, Apr 17, 2025 at 03:49:30PM +0000, Zhongqiu Duan wrote:
> The xt_quota compares skb length with remaining quota, but the nft_quota
> compares it with consumed bytes.
> 
> The xt_quota can match consumed bytes up to quota at maximum. But the
> nft_quota breaks the match when consumed bytes are equal to quota.
> 
> i.e., nft_quota matches consumed bytes in [0, quota - 1], not [0, quota].

Yes, quota is off by one.

Applied to nf-next, thanks.
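
The off-by-one discussed in this message, as an added example that is not part of the original thread and is not the kernel's code: a simplified user-space model of the two accounting styles, run over a constructed packet stream whose second packet depletes the quota exactly. The function names, the sample lengths and the 1000-byte quota are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the second packet depletes a 1000-byte quota exactly. */
static const uint64_t SAMPLE[] = { 400, 600, 1 };

/* Model A (assumption): keep the remaining quota, compare packet length to it. */
static size_t count_remaining(uint64_t quota, const uint64_t *len, size_t n)
{
    uint64_t remaining = quota;
    size_t matched = 0;

    for (size_t i = 0; i < n; i++) {
        if (remaining >= len[i]) {
            remaining -= len[i];
            matched++;
        } else {
            remaining = 0;  /* once exceeded, nothing later matches */
        }
    }
    return matched;
}

/* Model B (assumption): keep consumed bytes, compare the running total to the quota.
 * inclusive=false stops matching at consumed == quota: range [0, quota - 1].
 * inclusive=true still matches at consumed == quota: range [0, quota]. */
static size_t count_consumed(uint64_t quota, const uint64_t *len, size_t n,
                             bool inclusive)
{
    uint64_t consumed = 0;
    size_t matched = 0;

    for (size_t i = 0; i < n; i++) {
        consumed += len[i];
        if (inclusive ? consumed <= quota : consumed < quota)
            matched++;
    }
    return matched;
}

int main(void)
{
    printf("remaining-based:    %zu\n", count_remaining(1000, SAMPLE, 3));
    printf("consumed, [0, q-1]: %zu\n", count_consumed(1000, SAMPLE, 3, false));
    printf("consumed, [0, q]:   %zu\n", count_consumed(1000, SAMPLE, 3, true));
    return 0;
}
```

With the exclusive comparison the packet that brings the total to exactly the quota is not matched, so the rule stops one packet earlier than the remaining-based model does.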



