From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: [PATCH] libipt_statistic Date: Mon, 02 Jul 2007 20:16:54 +0200 Message-ID: <46894116.9000203@trash.net> References: <4688F979.60606@trash.net> <46891294.9030405@trash.net> <4689387A.4050207@trash.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: Netfilter Development Mailinglist To: NICOLAS BOULIANE Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netfilter-devel.vger.kernel.org NICOLAS BOULIANE wrote: > i'm not trying to bother you, but there's surely something I dont > understand. Don't worry :) > In the kernel we have: > if (info->u.nth.count++ == info->u.nth.every) > info->u.nth.count = 0; > > --every 4 --packet 2 > count = 1, every = 3, packet = 2 > > 1th packet: > if (1 == 3) { // no match > > 2th packet: > if (2 == 3) { // no match > > 3th packet: > if (3 == 3) { // match and set __count = 0__ > > next time we will match the 4th packet. > Is what I should expect ? or there's something wrong. It is. "--every 4" is the period, we'll match every 4th packet. "--packet 2" says you want to match the third (thats the non-obvious part) packet. The main reason why you would --packet at all is for multiple subsequent rules that don't abort rule traversal: ... --every 4 --packet 0 -j MARK --set-mark 1 (match 1st packet) ... --every 4 --packet 1 -j MARK --set-mark 2 (match 2nd packet) ... --every 4 --packet 2 -j MARK --set-mark 3 (match 3rd packet) ... --every 4 --packet 3 -j MARK --set-mark 4 (match 4th packet) So for every packet only a single rule will match. You could do something like that for load-balancing for example.