On Thu, Oct 26, 2017 at 11:22:02AM +0200, Pablo Neira Ayuso wrote: > On Thu, Oct 26, 2017 at 11:09:26AM +0200, Laura García Liébana wrote: > > > From: Zheng konia <konianet@xxxxxxxxx> > > > Date: Thu, Oct 26, 2017 at 10:48 AM > > > Subject: How to enable jhash for nftables v0.8 > > > To: Netfilter Users Mailing list <netfilter@xxxxxxxxxxxxxxx> > > > > > > > > > Hi, > > > > > > I'm have some error with configureing nftables-nat with loading > > > balance when I trying `jhash`. > > > > > > # nft add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2 > > > Error: Could not process rule: Invalid argument > > > add rule nat prerouting mark set jhash ip saddr . tcp dport mod 2 > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > Hi, the jhash expression it's correct but you should try with: > > > > # nft add rule ip nat prerouting ct mark set jhash ... > > Probably he doesn't want to set the mark... but match on it based on > the jhash result. I mean, the rule is valid. Although it may not make much sense? It's just marking the first packet only. Anyway, I suspect Zheng is running a kernel with no jhash support. It would be good to document on the wiki since what kernel version this is supported. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
