Currently, libxt_statistic only dumps the probability with a
granularity of 1/1000000. Assuming only stuffed packets with 1440
bytes payload, this would match approximately every 1.341 GB, which is
pretty low for a high-volume router. Trying to match any larger
interval than that (e.g. 2 GB) will cause libxt_statistic to output
"--probability 0.000000", and when restored, will cause it to never
match again.
Bump the dump precision to what xt_statistic can really do, and adjust
the manpage to include a word about it.
Furthermore, employ explicit rounding when reading the argument from
the command line, because the previous implicit conversion would use
truncation, which is not very exact.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
extensions/libxt_statistic.c | 7 ++++---
extensions/libxt_statistic.man | 7 +++----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c
index bce83fa..f13cdba 100644
--- a/extensions/libxt_statistic.c
+++ b/extensions/libxt_statistic.c
@@ -1,3 +1,4 @@
+#include <math.h>
#include <stdbool.h>
#include <stdio.h>
#include <netdb.h>
@@ -62,11 +63,11 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags,
case '2':
if (*flags & 0x2)
xtables_error(PARAMETER_PROBLEM, "double --probability");
- prob = atof(optarg);
+ prob = strtod(optarg, NULL);
if (prob < 0 || prob > 1)
xtables_error(PARAMETER_PROBLEM,
"--probability must be between 0 and 1");
- info->u.random.probability = 0x80000000 * prob;
+ info->u.random.probability = lround(0x80000000 * prob);
*flags |= 0x2;
break;
case '3':
@@ -127,7 +128,7 @@ static void print_match(const struct xt_statistic_info *info, char *prefix)
{
switch (info->mode) {
case XT_STATISTIC_MODE_RANDOM:
- printf(" %smode random%s %sprobability %f", prefix,
+ printf(" %smode random%s %sprobability %.11f", prefix,
(info->flags & XT_STATISTIC_INVERT) ? " !" : "",
prefix,
1.0 * info->u.random.probability / 0x80000000);
diff --git a/extensions/libxt_statistic.man b/extensions/libxt_statistic.man
index 4947daf..47182bf 100644
--- a/extensions/libxt_statistic.man
+++ b/extensions/libxt_statistic.man
@@ -12,10 +12,9 @@ and
.B nth.
.TP
[\fB!\fP] \fB\-\-probability\fP \fIp\fP
-Set the probability from 0 to 1 for a packet to be randomly
-matched. It works only with the
-.B random
-mode.
+Set the probability for a packet to be randomly matched. It only works with the
+\fBrandom\fP mode. \fIp\fP must be within 0.0 and 1.0. The supported
+granularity is in 1/2147483648th increments.
.TP
[\fB!\fP] \fB\-\-every\fP \fIn\fP
Match one packet every nth packet. It works only with the
--
1.7.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
