On Fri, Mar 22, 2019 at 11:41 PM Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx> wrote:
>
> I'd like to use nftables to classify packets into HFSC classes based on jhash of IP addresses, but like tc-flow I'd like to perturb the hash every N seconds. How can I accomplish this?

If you don't have any really important reason, then wait. I'm implementing nftables classification for HFSC and I've reported some bugs, which in a few cases are in the kernel API for nftables (patches are for kernel 5.0). I don't have any other way, since I do a lot of dynamics, so I can't use iptables. I'm moving from tc filter hash tables, which don't allow me to prioritize packets without a lot of modifications in network setup or heavier CPU utilization and an even more complex structure of hash tables.

I don't know how to accomplish this particular hashing, but I came across this interesting article when I was at the beginning and it helped me a lot: https://developers.redhat.com/blog/2017/04/11/benchmarking-nftables/. If you need, I can provide you my prototype for the nftables structure I use to do classification of packets. I don't yet have any real comparison to tc filter (the comparison in the article is misleading since it doesn't use hash tables), but I'm getting close to the testing phase (I had some problems with kernel 5.0 in my programs).

> Related: In general, what kinds of math are available in nftables? I saw the wiki described relation operators but doesn't describe arithmetic etc like integer division, modulo, add subtract multiply xor etc.

You can try to build nftables from the git repository. There is a good manual included - you can even build it in PDF if needed. I can't give you more in-depth information since I don't know, and as long as it works I don't even care :-) Or you can dig into the source, of course.