git.ipfire.org Git - thirdparty/iptables.git/commit

author	Hans Schillstrom <hans.schillstrom@ericsson.com>
	Mon, 23 Apr 2012 03:35:28 +0000 (03:35 +0000)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 14 Jul 2012 13:47:30 +0000 (15:47 +0200)
commit	4df8cb6ab176f3c1f2bf9498d0abde8d9362087b
tree	6e8b6addf20992f239d1163d9d52d3caf0467eb4	tree \| snapshot
parent	a96166c24eaac1c91bed4815c09e91733409d888	commit \| diff

extensions: add HMARK target

The target allows you to set mark packets based Jenkins' hash calculation:

h(t, rnd) = x

mark = (x % mod) + offset

where:

* t is a tuple that is used for the hashing:

t = [ src, dst, proto, sport, dport ]

Note that you can customize the tuple, thus, removing some component
that you don't want to use for the calculation. You can also use spi
instead of sport and dport, btw.

* rnd is the random seed that is explicitly passed via --hmark-rnd
* mod is the modulus, to determine the range of possible marks
* offset determines where the mark starts from

This target only works for the "raw" and "mangle" tables.

This can be used to distribute flows between a cluster of
systems and uplinks.

Initially based on work from Hans Schillingstrom. Pablo took it
over and introduced several improvements.

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

extensions/libxt_HMARK.c	[new file with mode: 0644]	blob
extensions/libxt_HMARK.man	[new file with mode: 0644]	blob
include/linux/netfilter/xt_HMARK.h	[new file with mode: 0644]	blob