How to enable jhash for nftables v0.8

All of lore.kernel.org
 help / color / mirror / Atom feed

* How to enable jhash for nftables v0.8
@ 2017-10-26  8:48 Zheng konia
       [not found] ` <CAF90-WiarOqxC4=OALo4gdsit4sohWmJR1rp+KXr+WecSvPiJg@mail.gmail.com>
  0 siblings, 1 reply; 4+ messages in thread
From: Zheng konia @ 2017-10-26  8:48 UTC (permalink / raw)
  To: Netfilter Users Mailing list

Hi,

   I'm have some error with configureing nftables-nat with loading
balance when I trying `jhash`.

   # nft add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
         Error: Could not process rule: Invalid argument
         add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   My environment is Debian 9 with nftables v0.8 (Joe Btfsplk).

    How can I enable jhash for nftables? Do I missing some package?


   Thanks.

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <CAF90-WiarOqxC4=OALo4gdsit4sohWmJR1rp+KXr+WecSvPiJg@mail.gmail.com>]

* Re: How to enable jhash for nftables v0.8
       [not found] ` <CAF90-WiarOqxC4=OALo4gdsit4sohWmJR1rp+KXr+WecSvPiJg@mail.gmail.com>
@ 2017-10-26  9:09   ` Laura García Liébana
  2017-10-26  9:22     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Laura García Liébana @ 2017-10-26  9:09 UTC (permalink / raw)
  To: netfilter

> From: Zheng konia <konianet@gmail.com>
> Date: Thu, Oct 26, 2017 at 10:48 AM
> Subject: How to enable jhash for nftables v0.8
> To: Netfilter Users Mailing list <netfilter@vger.kernel.org>
>
>
> Hi,
>
>    I'm have some error with configureing nftables-nat with loading
> balance when I trying `jhash`.
>
>    # nft add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
>          Error: Could not process rule: Invalid argument
>          add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Hi, the jhash expression it's correct but you should try with:

# nft add rule ip nat prerouting ct mark set jhash ...

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: How to enable jhash for nftables v0.8
  2017-10-26  9:09   ` Laura García Liébana
@ 2017-10-26  9:22     ` Pablo Neira Ayuso
  2017-10-26  9:34       ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2017-10-26  9:22 UTC (permalink / raw)
  To: Laura García Liébana; +Cc: netfilter

On Thu, Oct 26, 2017 at 11:09:26AM +0200, Laura García Liébana wrote:
> > From: Zheng konia <konianet@gmail.com>
> > Date: Thu, Oct 26, 2017 at 10:48 AM
> > Subject: How to enable jhash for nftables v0.8
> > To: Netfilter Users Mailing list <netfilter@vger.kernel.org>
> >
> >
> > Hi,
> >
> >    I'm have some error with configureing nftables-nat with loading
> > balance when I trying `jhash`.
> >
> >    # nft add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
> >          Error: Could not process rule: Invalid argument
> >          add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
> >         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Hi, the jhash expression it's correct but you should try with:
> 
> # nft add rule ip nat prerouting ct mark set jhash ...

Probably he doesn't want to set the mark... but match on it based on
the jhash result.

@Zheng, what kernel version are you using?

Thanks!

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: How to enable jhash for nftables v0.8
  2017-10-26  9:22     ` Pablo Neira Ayuso
@ 2017-10-26  9:34       ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2017-10-26  9:34 UTC (permalink / raw)
  To: Laura García Liébana; +Cc: netfilter

On Thu, Oct 26, 2017 at 11:22:02AM +0200, Pablo Neira Ayuso wrote:
> On Thu, Oct 26, 2017 at 11:09:26AM +0200, Laura García Liébana wrote:
> > > From: Zheng konia <konianet@gmail.com>
> > > Date: Thu, Oct 26, 2017 at 10:48 AM
> > > Subject: How to enable jhash for nftables v0.8
> > > To: Netfilter Users Mailing list <netfilter@vger.kernel.org>
> > >
> > >
> > > Hi,
> > >
> > >    I'm have some error with configureing nftables-nat with loading
> > > balance when I trying `jhash`.
> > >
> > >    # nft add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
> > >          Error: Could not process rule: Invalid argument
> > >          add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2
> > >         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > 
> > Hi, the jhash expression it's correct but you should try with:
> > 
> > # nft add rule ip nat prerouting ct mark set jhash ...
> 
> Probably he doesn't want to set the mark... but match on it based on
> the jhash result.

I mean, the rule is valid. Although it may not make much sense? It's
just marking the first packet only.

Anyway, I suspect Zheng is running a kernel with no jhash support.

It would be good to document on the wiki since what kernel version
this is supported.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-10-26  9:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-26  8:48 How to enable jhash for nftables v0.8 Zheng konia
     [not found] ` <CAF90-WiarOqxC4=OALo4gdsit4sohWmJR1rp+KXr+WecSvPiJg@mail.gmail.com>
2017-10-26  9:09   ` Laura García Liébana
2017-10-26  9:22     ` Pablo Neira Ayuso
2017-10-26  9:34       ` Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.