Math operations: Difference between revisions
Jump to navigation
Jump to search
(create page with basic content) |
(add hashing section) |
||
| Line 17: | Line 17: | ||
mark set numgen random mod 50 offset 20 | mark set numgen random mod 50 offset 20 | ||
mark set numgen inc mod 100 | mark set numgen inc mod 100 | ||
} | |||
} | |||
</source> | |||
= Hashing = | |||
nftables support hashing of any arbitrary key combination: | |||
<source> | |||
table ip t { | |||
chain c { | |||
mark set jhash ip saddr mod 2 | |||
mark set jhash ip saddr . tcp dport mod 2 | |||
mark set jhash ip saddr . tcp dport . iiftype mod 2 | |||
} | } | ||
} | } | ||
</source> | </source> | ||
Revision as of 12:49, 5 January 2017
nftables includes some interesting math operations generators which can be used to perform advanced operations like Load balancing.
Number generator
The number generator statement has these options:
- type: inc/random.
- modulus: maximun number
- offset: from what value you want to start from
Some examples, distributing marks to packets:
table ip t {
chain c {
mark set numgen inc mod 4 offset 3
mark set numgen random mod 50 offset 20
mark set numgen inc mod 100
}
}Hashing
nftables support hashing of any arbitrary key combination:
table ip t {
chain c {
mark set jhash ip saddr mod 2
mark set jhash ip saddr . tcp dport mod 2
mark set jhash ip saddr . tcp dport . iiftype mod 2
}
}