On Wednesday 2010-05-26 22:27, Eric Dumazet wrote: >> > >> > So we create 48 rules using this setup? >> >> Since there are two loops to be done, it would be 96 rules in total. >> >> > I can see why it'll work on the first 48 packets (one for each >> >rule), but what happens on the 49th new connection? It'll go on the >> >first rule again? >> >> nth uses modulus, otherwise you can't get the "every Nth" semantic. :-) >> >> (It should have been: --mode nth --every N --packet I) > >not exactly :) > >It should be --mode nth --every N-I --packet I > >(first rule consume one packet out of 48, then second rule consume one >packet out of 47, ... The second rule still consumes 48 packets, because CONNMARK is non-terminating. Thus it's --every N. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
