extensions: add xt_statistics random mode translation

Use meta random and bitops to replicate what xt_statistics
is doing.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c
index 4f3341a3d1162fba98168f2f8cffb634c305f70f..37915adc8bc3d149c5a5f20844e06d77b195d90f 100644 (file)
--- a/extensions/libxt_statistic.c
+++ b/extensions/libxt_statistic.c
@@ -141,13 +141,19 @@ static int statistic_xlate(struct xt_xlate *xl,
 
        switch (info->mode) {
        case XT_STATISTIC_MODE_RANDOM:
-               return 0;
+               xt_xlate_add(xl, "meta random & %u %s %u",
+                            INT_MAX,
+                            info->flags & XT_STATISTIC_INVERT ? ">=" : "<",
+                            info->u.random.probability);
+               break;
        case XT_STATISTIC_MODE_NTH:
                xt_xlate_add(xl, "numgen inc mod %u %s%u",
                             info->u.nth.every + 1,
                             info->flags & XT_STATISTIC_INVERT ? "!= " : "",
                             info->u.nth.packet);
                break;
+       default:
+               return 0;
        }
 
        return 1;

diff --git a/extensions/libxt_statistic.txlate b/extensions/libxt_statistic.txlate
index 3196ff20b90d16ab7dcc2ca39e081f790fe5965f..627120c598a60db3989a171a2ebb4aa4a492647f 100644 (file)
--- a/extensions/libxt_statistic.txlate
+++ b/extensions/libxt_statistic.txlate
@@ -5,4 +5,4 @@ iptables-translate -A OUTPUT -m statistic --mode nth ! --every 10 --packet 5
 nft 'add rule ip filter OUTPUT numgen inc mod 10 != 5 counter'
 
 iptables-translate -A OUTPUT -m statistic --mode random --probability 0.1
-nft # -A OUTPUT -m statistic --mode random --probability 0.1
+nft 'add rule ip filter OUTPUT meta random & 2147483647 < 214748365 counter'