Currently, libxt_statistic only dumps the probability with a
granularity of 1/
1000000. Assuming only stuffed packets with 1440
bytes payload, this would match approximately every 1.341 GB, which is
pretty low for a high-volume router. Trying to match any larger
interval than that (e.g. 2 GB) will cause libxt_statistic to output
"--probability 0.000000", and when restored, will cause it to never
match again.
Bump the dump precision to what xt_statistic can really do, and adjust
the manpage to include a word about it.
Furthermore, employ explicit rounding when reading the argument from
the command line, because the previous implicit conversion would use
truncation, which is not very exact.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
+#include <math.h>
#include <stdbool.h>
#include <stdio.h>
#include <netdb.h>
case '2':
if (*flags & 0x2)
xtables_error(PARAMETER_PROBLEM, "double --probability");
- prob = atof(optarg);
+ prob = strtod(optarg, NULL);
if (prob < 0 || prob > 1)
xtables_error(PARAMETER_PROBLEM,
"--probability must be between 0 and 1");
- info->u.random.probability = 0x80000000 * prob;
+ info->u.random.probability = lround(0x80000000 * prob);
*flags |= 0x2;
break;
case '3':
{
switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM:
- printf(" %smode random%s %sprobability %f", prefix,
+ printf(" %smode random%s %sprobability %.11f", prefix,
(info->flags & XT_STATISTIC_INVERT) ? " !" : "",
prefix,
1.0 * info->u.random.probability / 0x80000000);
.B nth.
.TP
[\fB!\fP] \fB\-\-probability\fP \fIp\fP
-Set the probability from 0 to 1 for a packet to be randomly
-matched. It works only with the
-.B random
-mode.
+Set the probability for a packet to be randomly matched. It only works with the
+\fBrandom\fP mode. \fIp\fP must be within 0.0 and 1.0. The supported
+granularity is in 1/2147483648th increments.
.TP
[\fB!\fP] \fB\-\-every\fP \fIn\fP
Match one packet every nth packet. It works only with the
projects / thirdparty / iptables.git / commitdiff
