[Bug 1294] New: Strange --probability behavior

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Nov 14 14:52:07 CET 2018 

https://bugzilla.netfilter.org/show_bug.cgi?id=1294

            Bug ID: 1294
           Summary: Strange --probability behavior
           Product: iptables
           Version: 1.4.x
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: ivan.agarkov at gmail.com

Pasting these rules:

-A CLUSTER_EMUL -m set --match-set crop10_src src -m statistic --mode random
--probability 0.1 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_src src -m statistic --mode random
--probability 0.2 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_src src -m statistic --mode random
--probability 0.5 -j DROP
-A CLUSTER_EMUL -m set --match-set crop10_dst dst -m statistic --mode random
--probability 0.1 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_dst dst -m statistic --mode random
--probability 0.2 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_dst dst -m statistic --mode random
--probability 0.5 -j DROP


Getting these:

-A CLUSTER_EMUL -m set --match-set crop10_src src -m statistic --mode random
--probability 0.10000000009 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_src src -m statistic --mode random
--probability 0.20000000019 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_src src -m statistic --mode random
--probability 0.50000000000 -j DROP
-A CLUSTER_EMUL -m set --match-set crop10_dst dst -m statistic --mode random
--probability 0.10000000009 -j DROP
-A CLUSTER_EMUL -m set --match-set crop20_dst dst -m statistic --mode random
--probability 0.20000000019 -j DROP
-A CLUSTER_EMUL -m set --match-set crop50_dst dst -m statistic --mode random
--probability 0.50000000000 -j DROP

As you see here 0.1 suddenly becomes 0.10000000009. 

iptables-1.4.21-17.el7.x86_64 @ CentOS 7

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20181114/50cae7e1/attachment.html>

More information about the netfilter-buglog mailing list