Math operations: Difference between revisions
Jump to navigation
Jump to search
(create page with basic content) |
(→Number generator: add one more example) |
||
(One intermediate revision by the same user not shown) | |||
Line 17: | Line 17: | ||
mark set numgen random mod 50 offset 20 | mark set numgen random mod 50 offset 20 | ||
mark set numgen inc mod 100 | mark set numgen inc mod 100 | ||
} | |||
} | |||
</source> | |||
The statement '''numgen inc mod 2 offset 100''' will generate numbers in a series like 100, 101, 100, 101... | |||
= Hashing = | |||
nftables support hashing of any arbitrary key combination: | |||
<source> | |||
table ip t { | |||
chain c { | |||
mark set jhash ip saddr mod 2 | |||
mark set jhash ip saddr . tcp dport mod 2 | |||
mark set jhash ip saddr . tcp dport . iiftype mod 2 | |||
} | } | ||
} | } | ||
</source> | </source> |
Latest revision as of 13:05, 5 January 2017
nftables includes some interesting math operations generators which can be used to perform advanced operations like Load balancing.
Number generator
The number generator statement has these options:
- type: inc/random.
- modulus: maximun number
- offset: from what value you want to start from
Some examples, distributing marks to packets:
table ip t {
chain c {
mark set numgen inc mod 4 offset 3
mark set numgen random mod 50 offset 20
mark set numgen inc mod 100
}
}
The statement numgen inc mod 2 offset 100 will generate numbers in a series like 100, 101, 100, 101...
Hashing
nftables support hashing of any arbitrary key combination:
table ip t {
chain c {
mark set jhash ip saddr mod 2
mark set jhash ip saddr . tcp dport mod 2
mark set jhash ip saddr . tcp dport . iiftype mod 2
}
}