# Difference between revisions of "Math operations"

From nftables wiki

(create page with basic content) |
(add hashing section) |
||

Line 17: | Line 17: | ||

mark set numgen random mod 50 offset 20 | mark set numgen random mod 50 offset 20 | ||

mark set numgen inc mod 100 | mark set numgen inc mod 100 | ||

+ | } | ||

+ | } | ||

+ | </source> | ||

+ | |||

+ | = Hashing = | ||

+ | |||

+ | nftables support hashing of any arbitrary key combination: | ||

+ | |||

+ | <source> | ||

+ | table ip t { | ||

+ | chain c { | ||

+ | mark set jhash ip saddr mod 2 | ||

+ | mark set jhash ip saddr . tcp dport mod 2 | ||

+ | mark set jhash ip saddr . tcp dport . iiftype mod 2 | ||

} | } | ||

} | } | ||

</source> | </source> |

## Revision as of 13:49, 5 January 2017

nftables includes some interesting math operations generators which can be used to perform advanced operations like Load balancing.

# Number generator

The number generator statement has these options:

- type: inc/random.
- modulus: maximun number
- offset: from what value you want to start from

Some examples, distributing marks to packets:

```
table ip t {
chain c {
mark set numgen inc mod 4 offset 3
mark set numgen random mod 50 offset 20
mark set numgen inc mod 100
}
}
```

# Hashing

nftables support hashing of any arbitrary key combination:

```
table ip t {
chain c {
mark set jhash ip saddr mod 2
mark set jhash ip saddr . tcp dport mod 2
mark set jhash ip saddr . tcp dport . iiftype mod 2
}
}
```