On 5/26/2015 9:45 AM, Antonio Eugenio Burriel wrote: > Hi Tom and sorry for the late answer, > > >> If you mean that the *sum* of the normalized probabilities exceeds 1.0, >> that is to be expected. Remember that those packets that have been given >> a mark for an interface are not passed on to the rule for the remaining >> interfaces . So, in your example with DSL3 'enabled', the normalized >> probabilities are: >> >> DSL1 = 0.25000000 >> DSL2 = 0.33333333 >> DSL3 = 1.00000000 > Exactly, that's what I meant. > > But, with the previous three providers, Shorewall computes these: > Interface dsl0 probability=.25000000 > Interface dsl1 probability=.33333333 > Interface dsl2 probability=1.19999999 > > So iptables complains: > iptables v1.4.20: statistic: bad value for option "--probability", or > out of range (0-1). > > Try `iptables -h' or 'iptables --help' for more information. > ERROR: Command "/sbin/iptables -t mangle -A ~dsl2 -m statistic > --mode random --probability 1.19999999 -j MARK --set-mark > 0x30000/0xff0000" > > I haven't yet got the time to think about this, buy maybe it will be > enough to clamp $load before passing it to iptables I committed such a change several days ago:
http://sourceforge.net/p/shorewall/code/ci/c851e03313a7006e1c080fa2de9a49e4ed4f6d7f -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
