Laura Garcia <nevola@xxxxxxxxx> wrote:
> On Thu, Jul 28, 2016 at 01:01:05AM +0200, Florian Westphal wrote:
> > How exactly is this used by nftables?
> >
> > AFAIU usespace will check if ->dreg is 0 or not, but does that make
> > sense?
> >
> > Seems to me it would be more straightforward to not use a dreg at all
> > and just NFT_BREAK if nval != 0?
> >
>
> The main idea is to provide a round robin like scheduling method, for
> example:
>
> ip daddr <ipsaddr> dnat nth 3 map {
> 0: <ipdaddrA>,
> 1: <ipdaddrB>,
> 2: <ipdaddrC>
> }
>
That makes sense, would be nice to place a small blurb in the commit
message.
> > Otherwise this looks good to me, except that I think we should consider
> > putting this in nft_meta.c instead of a new module.
>
> AFAIK meta is more to set or get metainformation from a certain
> packet. I consider this expression is closer to counter, but with a
> resetting value.
Ok, fair enough.
Thanks,
Florian
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
