Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Mon, Sep 12, 2016 at 02:22:57PM +0200, Florian Westphal wrote: > > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > On Sun, Sep 11, 2016 at 11:12:26PM +0200, Florian Westphal wrote: > > > > My first thought was that it would be better to just support one single > > > > sreg (the queue number) and eventually externalize the hashing/queue > > > > selection: > > > > > > > > queue num jhash ip saddr . ip daddr mod ... > > > > > > > > Problem is that with plain jhash we won't get a symmetric hash > > > > for origin and reply, so for this we would need a new expression/hash > > > > mode. > > > > > > Are you think of xor hashing to provide the symmetry? Downside is that > > > bad tuple selection may result in poor distribution, but this is > > > something we can document. > > > > No, I was thinking of a new hash mode to do this, e.g. just do same > > what current nfqueue selection does: hash lower address first. > > Currently we have one single register pointing to the entire tuple > concatenation that we hash, we would need to support multiple > registers as input, check that they are consecutive. Then, the logic > to compare the data. And a way to express this in syntax. Ugh. Ok, lets ignore this for now. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
