bugzilla-daemon at netfilter.org
2018-Nov-14 13:52 UTC
[Bug 1294] New: Strange --probability behavior
https://bugzilla.netfilter.org/show_bug.cgi?id=1294
Bug ID: 1294
Summary: Strange --probability behavior
Product: iptables
Version: 1.4.x
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: iptables
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: ivan.agarkov at gmail.com
Pasting these rules:
-A CLUSTER_EMUL -m set --match-set crop10_src src -m statistic --mode random
--probability 0.1 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_src src -m statistic --mode random
--probability 0.2 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_src src -m statistic --mode random
--probability 0.5 -j DROP
-A CLUSTER_EMUL -m set --match-set crop10_dst dst -m statistic --mode random
--probability 0.1 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_dst dst -m statistic --mode random
--probability 0.2 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_dst dst -m statistic --mode random
--probability 0.5 -j DROP
Getting these:
-A CLUSTER_EMUL -m set --match-set crop10_src src -m statistic --mode random
--probability 0.10000000009 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_src src -m statistic --mode random
--probability 0.20000000019 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_src src -m statistic --mode random
--probability 0.50000000000 -j DROP
-A CLUSTER_EMUL -m set --match-set crop10_dst dst -m statistic --mode random
--probability 0.10000000009 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_dst dst -m statistic --mode random
--probability 0.20000000019 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_dst dst -m statistic --mode random
--probability 0.50000000000 -j DROP
As you see here 0.1 suddenly becomes 0.10000000009.
iptables-1.4.21-17.el7.x86_64 @ CentOS 7
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181114/50cae7e1/attachment.html>
bugzilla-daemon at netfilter.org
2018-Nov-14 13:57 UTC
[Bug 1294] Strange --probability behavior
https://bugzilla.netfilter.org/show_bug.cgi?id=1294 --- Comment #1 from Ivan Agarkov <ivan.agarkov at gmail.com> --- Also got the same result on latest Arch rolling iptables 1:1.6.2-3 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181114/78dea93c/attachment.html>
Reasonably Related Threads
- [Bug 1152] New: iptables-xml crashed on -D rules
- [Bug 1692] New: CentOS 7 kernel up to 3.10.0-1160.92.1.el7.x86_64 - nftables hangs the system on set flush
- Prototype 1.5.1.1. bug, "too much recursion" line 1294
- CEBA-2012:1294 CentOS 6 krb5 Update
- CEBA-2016:1294 CentOS 5 samba3x BugFix Update