From: Florian Westphal <fw@strlen.de>
To: Shyam Saini <mayhs11saini@gmail.com>, g@breakpoint.cc
Cc: netfilter-devel@vger.kernel.org, pablo@netfilter.org,
	arturo@debian.org, fw@strlen.de
Subject: Re: [PATCH 1/1] extensions: libxt_cluster: Add translation to nft
Date: Wed, 24 May 2017 17:43:02 +0200
Message-ID: <20170524154302.GE11547@breakpoint.cc>
In-Reply-To: <1495629111-8206-1-git-send-email-mayhs11saini@gmail.com>

Shyam Saini <mayhs11saini@gmail.com> wrote:
> Add translation for cluster to nft
> 
> $ sudo iptables-translate -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 --cluster-local-node 1 --cluster-hash-seed
> 0xdeadbeef -j MARK --set-mark 0xffff
> 
> nft add rule ip mangle PREROUTING iifname eth1 ct state {new,established, related, untracked} ct direction original mark set jhash ip saddr mod 2 seed 0xdeadbeef offset 1 counter meta mark set 0xffff

Can you explain why ct expression is needed in this way?

afaics translation would be (untested):

nft add rule ip mangle PREROUTING iifname eth1 mark set jhash ct saddr mod 2 seed 0xdeadbeef offset 1 counter meta mark set 0xffff fib saddr type multicast meta pkttype set host

we might need to implement "ct master-saddr" to deal with ct->master use
in xt_cluster as well, but we could do that later as a followup.

fib saddr type is needed to not set real multicast traffic to unicast
type and only catch l3-unicast-in-l2-multicast.
