Last Modified: Jul 12, 2023
Opened: Dec 22, 2014 Severity: 4-Minor
In order to provide visibility, hardware-accelerated blacklisting leaks 1 packet in 256 (configurable). In software, in order to maintain the correct number of packets that would have been received if the hardware was not present, for every leaked pkt we add 255. tmctl bl_sw_entry_hit counts only software processed packets, but the shun counter counts both hardware and software, so the values may be inconsistent.
HW acceleration of IP Intelligence auto-blacklist/shun list feature