Math operations

From nftables wiki

Revision as of 11:49, 5 January 2017 by Arturo (talk | contribs) (add hashing section)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

nftables includes some interesting math operations generators which can be used to perform advanced operations like Load balancing.

Number generator

The number generator statement has these options:

type: inc/random.
modulus: maximun number
offset: from what value you want to start from

Some examples, distributing marks to packets:

table ip t {
	chain c {
		mark set numgen inc mod 4 offset 3
		mark set numgen random mod 50 offset 20
		mark set numgen inc mod 100
	}
}

Hashing

nftables support hashing of any arbitrary key combination:

table ip t {
	chain c {
		mark set jhash ip saddr mod 2
		mark set jhash ip saddr . tcp dport mod 2
		mark set jhash ip saddr . tcp dport . iiftype mod 2
	}
}

Retrieved from "http://wiki.nftables.org/wiki-nftables/index.php?title=Math_operations&oldid=93"