* ipt_random status
@ 2007-11-05 15:07 Stefano Sabatini
2007-11-05 16:10 ` Pascal Hambourg
0 siblings, 1 reply; 8+ messages in thread
From: Stefano Sabatini @ 2007-11-05 15:07 UTC (permalink / raw)
To: Netfilter users mailing list
Hi all,
this is my first post here, so first of all many thanks for your great
work on netfilter.
I'm interested in a random filtering rule for iptables: I read about
the ipt_randon extension, so I downloaded the patch-o-matic SVN but I
checked that it has been removed from the trunk since revision 6568.
So my question: is there a chance to see it supported again or do I
have to try to manually patch the kernel with the latest SVN included
version, and in this case how many are the chances to get it working?
I would like to help, but I'm far from being a linux hacker...
Finally, can you suggest some equivalent way to get the same effect
with *BSD?
Thank you so much for your help.
Best regards.
--
Stefano Sabatini
Linux user number 337176 (see http://counter.li.org)
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipt_random status
2007-11-05 15:07 ipt_random status Stefano Sabatini
@ 2007-11-05 16:10 ` Pascal Hambourg
2007-11-05 9:32 ` Stefano Sabatini
0 siblings, 1 reply; 8+ messages in thread
From: Pascal Hambourg @ 2007-11-05 16:10 UTC (permalink / raw)
To: Netfilter users mailing list
Hello,
Stefano Sabatini a écrit :
>
> I'm interested in a random filtering rule for iptables: I read about
> the ipt_randon extension, so I downloaded the patch-o-matic SVN but I
> checked that it has been removed from the trunk since revision 6568.
The random function has been moved to the 'statistic' match, available
since kernel 2.6.18 and iptables 1.3.6.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipt_random status
2007-11-05 16:10 ` Pascal Hambourg
@ 2007-11-05 9:32 ` Stefano Sabatini
2007-11-06 15:25 ` Pascal Hambourg
0 siblings, 1 reply; 8+ messages in thread
From: Stefano Sabatini @ 2007-11-05 9:32 UTC (permalink / raw)
To: Netfilter users mailing list
On date Monday 2007-11-05 17:10:05 +0100, Pascal Hambourg wrote:
> Hello,
>
> Stefano Sabatini a écrit :
>> I'm interested in a random filtering rule for iptables: I read about
>> the ipt_randon extension, so I downloaded the patch-o-matic SVN but I
>> checked that it has been removed from the trunk since revision 6568.
>
> The random function has been moved to the 'statistic' match, available
> since kernel 2.6.18 and iptables 1.3.6.
[...]
Thanks you so much, well I see:
iptables -m statistic --help
Shouldn't it be mentioned in the iptables man page?
http://ovid.rdsct.ro/log/modules/index
Best regards.
--
Stefano Sabatini
Linux user number 337176 (see http://counter.li.org)
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipt_random status
2007-11-05 9:32 ` Stefano Sabatini
@ 2007-11-06 15:25 ` Pascal Hambourg
2007-11-10 17:13 ` Stefano Sabatini
0 siblings, 1 reply; 8+ messages in thread
From: Pascal Hambourg @ 2007-11-06 15:25 UTC (permalink / raw)
To: Netfilter users mailing list
Stefano Sabatini a écrit :
>
> iptables -m statistic --help
>
> Shouldn't it be mentioned in the iptables man page?
Yes, it should. Patches are welcome.
> http://ovid.rdsct.ro/log/modules/index
I can understand the author. Changes in Netfilter/iptables may be
difficult to track, so I wrote for myself a sort of changelog.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipt_random status
2007-11-06 15:25 ` Pascal Hambourg
@ 2007-11-10 17:13 ` Stefano Sabatini
2007-11-11 10:57 ` Pascal Hambourg
0 siblings, 1 reply; 8+ messages in thread
From: Stefano Sabatini @ 2007-11-10 17:13 UTC (permalink / raw)
To: Netfilter users mailing list
[-- Attachment #1: Type: text/plain, Size: 561 bytes --]
On date Tuesday 2007-11-06 16:25:48 +0100, Pascal Hambourg wrote:
> Stefano Sabatini a écrit :
>> iptables -m statistic --help
>> Shouldn't it be mentioned in the iptables man page?
>
> Yes, it should. Patches are welcome.
Here it is.
Can someone forward it to the devels?
>> http://ovid.rdsct.ro/log/modules/index
>
> I can understand the author. Changes in Netfilter/iptables may be difficult
> to track, so I wrote for myself a sort of changelog.
Best regards.
--
Stefano Sabatini
Linux user number 337176 (see http://counter.li.org)
[-- Attachment #2: document-xtstatistic.patch --]
[-- Type: text/x-diff, Size: 883 bytes --]
Index: extensions/libxt_statistic.man
===================================================================
--- extensions/libxt_statistic.man (revision 0)
+++ extensions/libxt_statistic.man (revision 0)
@@ -0,0 +1,30 @@
+This module matches packets based on some statistic condition.
+It supports two distinct modes settable with the
+.B --mode
+option.
+.TP
+Supported options:
+.TP
+.BI "--mode " "mode"
+Set the matching mode of the matching rule, supported modes are
+.B random
+or
+.B nth.
+.TP
+.BI "--probability " "p"
+Set the probability from 0 to 1 for a packet to be randomly
+matched. It works only with the
+.B random
+mode.
+.TP
+.BI "--every " "n"
+Match one packet every nth packet. It works only with the
+.B nth
+mode (see also the
+.B --packet
+option).
+.TP
+.BI "--packet " "p"
+Set the initial counter value (0 <= p <= n-1, default 0) for the
+.B nth
+mode.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipt_random status
2007-11-10 17:13 ` Stefano Sabatini
@ 2007-11-11 10:57 ` Pascal Hambourg
2007-11-11 11:32 ` Stefano Sabatini
0 siblings, 1 reply; 8+ messages in thread
From: Pascal Hambourg @ 2007-11-11 10:57 UTC (permalink / raw)
To: Netfilter users mailing list
Stefano Sabatini a écrit :
> On date Tuesday 2007-11-06 16:25:48 +0100, Pascal Hambourg wrote:
>>
>>Patches are welcome.
>
> Here it is.
> Can someone forward it to the devels?
Sorry, I forgot to mention that patches must be submitted to the
netfilter-devel list.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipt_random status
2007-11-11 10:57 ` Pascal Hambourg
@ 2007-11-11 11:32 ` Stefano Sabatini
2007-11-12 14:34 ` Stefano Sabatini
0 siblings, 1 reply; 8+ messages in thread
From: Stefano Sabatini @ 2007-11-11 11:32 UTC (permalink / raw)
To: Netfilter users mailing list
On date Sunday 2007-11-11 11:57:37 +0100, Pascal Hambourg wrote:
> Stefano Sabatini a écrit :
>> On date Tuesday 2007-11-06 16:25:48 +0100, Pascal Hambourg wrote:
>>>
>>> Patches are welcome.
>> Here it is.
>> Can someone forward it to the devels?
>
> Sorry, I forgot to mention that patches must be submitted to the
> netfilter-devel list.
Ugh, I was trying to avoid that...
Regards.
--
Stefano Sabatini
Linux user number 337176 (see http://counter.li.org)
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: ipt_random status
2007-11-11 11:32 ` Stefano Sabatini
@ 2007-11-12 14:34 ` Stefano Sabatini
0 siblings, 0 replies; 8+ messages in thread
From: Stefano Sabatini @ 2007-11-12 14:34 UTC (permalink / raw)
To: Netfilter users mailing list
On date Sunday 2007-11-11 12:32:05 +0100, Stefano Sabatini wrote:
> On date Sunday 2007-11-11 11:57:37 +0100, Pascal Hambourg wrote:
> > Stefano Sabatini a écrit :
> >> On date Tuesday 2007-11-06 16:25:48 +0100, Pascal Hambourg wrote:
> >>>
> >>> Patches are welcome.
> >> Here it is.
> >> Can someone forward it to the devels?
> >
> > Sorry, I forgot to mention that patches must be submitted to the
> > netfilter-devel list.
>
> Ugh, I was trying to avoid that...
It got applied today :-).
Best regards.
--
Stefano Sabatini
Linux user number 337176 (see http://counter.li.org)
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2007-11-12 14:34 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-05 15:07 ipt_random status Stefano Sabatini
2007-11-05 16:10 ` Pascal Hambourg
2007-11-05 9:32 ` Stefano Sabatini
2007-11-06 15:25 ` Pascal Hambourg
2007-11-10 17:13 ` Stefano Sabatini
2007-11-11 10:57 ` Pascal Hambourg
2007-11-11 11:32 ` Stefano Sabatini
2007-11-12 14:34 ` Stefano Sabatini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox