Jan Engelhardt <jengelh@xxxxxxx> wrote: > > On Wednesday 2016-03-02 15:50, Florian Westphal wrote: > >> > >> "--probability" is meant to represent saying "with a probability > >> of p=10%, ...". This does not mandate any particular operator. > > > >So my suggestion is this: > > > >for nft v2 of meta random support: > > > >- keep the 'implicit LE op' behaviour so that > >meta random 0.1 means '10% probability of matching'. > >- change display to hide the LE detail from the user, i.e. > >don't show 'meta random le 0.1' but 'meta random 0.1'. > >[ I agree with Jan, its detail, users can still see this > >with debug output on ]. > > What I implied is that the operator ought to completely disappear, > also from the netlink exchange. Let the random module take > just p at the user-kernel boundary, like xt_statistic.c did. This is what I want to avoid. Right now meta random is 6 lines of kernel code; It just fills a 32bit register with prandom_u32 result. Everything else can be modeled with the nf_tables engine. And I think thats the right approach, adding an nft_random expression seems overkill. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
