Re: [PATCH nf-next] netfilter: nft_queue: add _SREG_FROM and _SRGE_TO to select the queue numbers

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Sun, Sep 11, 2016 at 11:12:26PM +0200, Florian Westphal wrote:
> > My first thought was that it would be better to just support one single
> > sreg (the queue number) and eventually externalize the hashing/queue
> > selection:
> > 
> > queue num jhash ip saddr . ip daddr mod ...
> > 
> > Problem is that with plain jhash we won't get a symmetric hash
> > for origin and reply, so for this we would need a new expression/hash
> > mode.
> 
> Are you thinking of xor hashing to provide the symmetry? Downside is that
> bad tuple selection may result in poor distribution, but this is
> something we can document.

No, I was thinking of a new hash mode to do this, e.g. just do the same as
what the current nfqueue selection does: hash the lower address first.
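
The three queue-selection options discussed in this message, as an added example that is not code from the thread or from the kernel. It assumes 8 queues and constructed IPv4 addresses; `mix2` is a stand-in order-sensitive mixer rather than the kernel's jhash, and `q_plain`, `q_ordered` and `q_xor` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#define NQUEUES 8u   /* assumed number of queues */
#define NFLOWS  64u  /* number of constructed sample flows */
typedef uint32_t (*qsel_fn)(uint32_t saddr, uint32_t daddr);

/* Stand-in order-sensitive mixer (assumption: NOT the kernel's jhash). */
static uint32_t mix2(uint32_t a, uint32_t b)
{
    uint32_t h = (a ^ 0x9e3779b9u) * 0x85ebca6bu;
    h ^= h >> 13;
    h = (h ^ b) * 0xc2b2ae35u;
    return h ^ (h >> 16);
}

/* Plain hash over "saddr . daddr": original and reply hash differently. */
uint32_t q_plain(uint32_t s, uint32_t d) { return mix2(s, d) % NQUEUES; }
/* "Hash lower address first": order the pair, then hash. */
uint32_t q_ordered(uint32_t s, uint32_t d) { return (s < d ? mix2(s, d) : mix2(d, s)) % NQUEUES; }
/* XOR fold: symmetric, but all pairs with the same XOR share a queue. */
uint32_t q_xor(uint32_t s, uint32_t d) { return mix2(s ^ d, 0) % NQUEUES; }

/* Count flows whose original and reply directions pick different queues. */
unsigned split_flows(qsel_fn sel)
{
    unsigned n = 0;
    for (uint32_t i = 0; i < NFLOWS; i++) {
        uint32_t s = 0x0a000001u + i, d = 0xc0a80001u + 7 * i;
        n += sel(s, d) != sel(d, s);
    }
    return n;
}

/* Distinct queues used when 10.0.0.i talks to 10.0.1.i (saddr ^ daddr is constant). */
unsigned queues_used(qsel_fn sel)
{
    unsigned seen = 0, n = 0;
    for (uint32_t i = 0; i < NFLOWS; i++)
        seen |= 1u << sel(0x0a000000u + i, 0x0a000100u + i);
    for (; seen; seen >>= 1)
        n += seen & 1;
    return n;
}

int main(void)
{
    printf("split flows: plain=%u ordered=%u xor=%u\n", split_flows(q_plain), split_flows(q_ordered), split_flows(q_xor));
    printf("queues used, constant-XOR pairs: ordered=%u xor=%u\n", queues_used(q_ordered), queues_used(q_xor));
}
```

A split flow matters for anything inspecting traffic from an NFQUEUE consumer: a userspace process that sees only one direction of a connection cannot reassemble or match on the full stream.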
