Currently, libxt_statistic only dumps the probability with a granularity of 1/1000000. Assuming only stuffed packets with 1440 bytes payload, this would match approximately every 1.341 GB, which is pretty low for a high-volume router. Trying to match any larger interval than that (e.g. 2 GB) will cause libxt_statistic to output "--probability 0.000000", and when restored, will cause it to never match again. Bump the dump precision to what xt_statistic can really do, and adjust the manpage to include a word about it. Furthermore, employ explicit rounding when reading the argument from the command line, because the previous implicit conversion would use truncation, which is not very exact. Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- extensions/libxt_statistic.c | 7 ++++--- extensions/libxt_statistic.man | 7 +++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c index bce83fa..f13cdba 100644 --- a/extensions/libxt_statistic.c +++ b/extensions/libxt_statistic.c @@ -1,3 +1,4 @@ +#include <math.h> #include <stdbool.h> #include <stdio.h> #include <netdb.h> @@ -62,11 +63,11 @@ statistic_parse(int c, char **argv, int invert, unsigned int *flags, case '2': if (*flags & 0x2) xtables_error(PARAMETER_PROBLEM, "double --probability"); - prob = atof(optarg); + prob = strtod(optarg, NULL); if (prob < 0 || prob > 1) xtables_error(PARAMETER_PROBLEM, "--probability must be between 0 and 1"); - info->u.random.probability = 0x80000000 * prob; + info->u.random.probability = lround(0x80000000 * prob); *flags |= 0x2; break; case '3': @@ -127,7 +128,7 @@ static void print_match(const struct xt_statistic_info *info, char *prefix) { switch (info->mode) { case XT_STATISTIC_MODE_RANDOM: - printf(" %smode random%s %sprobability %f", prefix, + printf(" %smode random%s %sprobability %.11f", prefix, (info->flags & XT_STATISTIC_INVERT) ? " !" : "", prefix, 1.0 * info->u.random.probability / 0x80000000); 
diff --git a/extensions/libxt_statistic.man b/extensions/libxt_statistic.man index 4947daf..47182bf 100644 --- a/extensions/libxt_statistic.man +++ b/extensions/libxt_statistic.man @@ -12,10 +12,9 @@ and .B nth. .TP [\fB!\fP] \fB\-\-probability\fP \fIp\fP -Set the probability from 0 to 1 for a packet to be randomly -matched. It works only with the -.B random -mode. +Set the probability for a packet to be randomly matched. It only works with the +\fBrandom\fP mode. \fIp\fP must be within 0.0 and 1.0. The supported +granularity is in 1/2147483648th increments. .TP [\fB!\fP] \fB\-\-every\fP \fIn\fP Match one packet every nth packet. It works only with the -- 1.7.1
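Review bot: The new #include <math.h> at the top of extensions/libxt_statistic.c is there for lround(), which lives in libm, yet the diffstat lists only libxt_statistic.c and libxt_statistic.man. Please confirm the extension's build rule already links with -lm, or add the link flag in this patch, so the shared object does not end up with an unresolved lround symbol.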
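Review bot: In the statistic_parse() hunk, strtod(optarg, NULL) throws away the end pointer, so trailing garbage ("0.5abc") and non-numeric input are accepted exactly as they were with atof(); pass an end pointer and raise PARAMETER_PROBLEM unless it points at the terminating NUL of a non-empty argument. Two related cases on the following lines: "nan" parses to a value for which both "prob < 0" and "prob > 1" are false, so it passes the range check and reaches lround(), and with prob equal to 1 the product is 2147483648, which does not fit a 32-bit long, so the lround() result is unspecified on platforms where long is 32 bits wide.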
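Review bot: The 11 in "%.11f" in the print_match() hunk is an unexplained magic number. A one-line comment saying it was chosen so that the dumped text, parsed back through lround(0x80000000 * prob), yields the same stored integer would help the next reader, and would record that the save/restore round trip depends on the rounding added in statistic_parse(), so the two changes must not be split or reverted separately.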
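Review bot: In the --probability paragraph of libxt_statistic.man, "must be within 0.0 and 1.0" does not say whether the bounds are included, while the parser rejects only "prob < 0 || prob > 1"; suggest "between 0.0 and 1.0 inclusive". Since the motivation in the commit message is a rule that silently never matches, the text next to the granularity sentence should also say that a value smaller than half an increment is stored as 0.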
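An added example, not part of the patch or of iptables, that replays the dump/restore round trip the commit message describes: the old "%f" output with a truncating parse against "%.11f" with a rounding parse. The function names and the sample argument 0.0000001 are constructed for illustration, and adding 0.5 before the cast stands in for lround() so the block builds without libm.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PROB_SCALE 2147483648.0 /* 0x80000000, the scale the patch multiplies by */

/* Pre-patch parse: the implicit double-to-integer conversion truncates. */
static uint32_t parse_truncating(const char *s)
{
	return (uint32_t)(PROB_SCALE * strtod(s, NULL));
}

/* Post-patch parse: round to nearest. Adding 0.5 before the cast stands in for
 * lround() (equivalent for the non-negative values used here); no libm needed. */
static uint32_t parse_rounding(const char *s)
{
	return (uint32_t)(PROB_SCALE * strtod(s, NULL) + 0.5);
}

/* Dump a stored value with `digits` decimals (6 is what "%f" prints, 11 is the
 * patch's "%.11f"), then parse the text back as a restore would. */
static uint32_t roundtrip(uint32_t stored, int digits,
			  uint32_t (*parse)(const char *))
{
	char buf[32];
	snprintf(buf, sizeof(buf), "%.*f", digits, stored / PROB_SCALE);
	return parse(buf);
}

/* Count stored values in [lo, hi) that differ after one dump/restore cycle. */
static unsigned int count_changed(uint32_t lo, uint32_t hi, int digits,
				  uint32_t (*parse)(const char *))
{
	unsigned int changed = 0;
	for (uint32_t v = lo; v < hi; v++)
		changed += roundtrip(v, digits, parse) != v;
	return changed;
}

int main(void)
{
	uint32_t stored = parse_rounding("0.0000001"); /* constructed sample argument */
	printf("stored=%u  %%f restore=%u  %%.11f restore=%u\n", (unsigned)stored,
	       (unsigned)roundtrip(stored, 6, parse_truncating),
	       (unsigned)roundtrip(stored, 11, parse_rounding));
	printf("values 0..99999 changed by a round trip: old=%u new=%u\n",
	       count_changed(0, 100000, 6, parse_truncating),
	       count_changed(0, 100000, 11, parse_rounding));
	return 0;
}
```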