[Bug 1736] nftables - dynamic update for verdict map from the packet path
bugzilla-daemon at netfilter.org
Mon Mar 25 12:01:59 CET 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1736
--- Comment #15 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Pablo Neira Ayuso from comment #14)
> table ip loadbalancer {
>     map affinity-mappings {
>         type ipv4_addr : ipv4_addr
>         size 65535
>         flags dynamic,timeout
>         timeout 4m
>     }
>
>     chain candidate-endpoint-1 {
>         update @affinity-mappings { ip saddr counter : 11.0.2.1 }
>     }
>
>     chain candidate-endpoint-2 {
>         update @affinity-mappings { ip saddr counter : 11.0.2.2 }
>     }
>
>     chain service-ABC {
>         numgen random mod 2 vmap { 0 : goto candidate-endpoint-1, 1 : goto candidate-endpoint-2 }
>         meta l4proto tcp dnat to ip saddr map @affinity-mappings : 5001
>     }
> }
This should be 'jump' not 'goto' BTW, so the dnat lookup happens after
refreshing @affinity-mappings.
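Added example, not part of the original message or of nftables itself: a toy Python model of chain traversal for the ruleset quoted above, showing why the dnat rule in service-ABC is only reached when the vmap uses jump. The function names, the fixed `numgen` argument and the source address 192.0.2.10 are assumptions made for illustration; the model treats service-ABC as the entry point and stops at dnat.

```python
# Toy model of nftables chain traversal (not nft or kernel code).
# jump saves a return point in the calling chain; goto does not.

def build_ruleset(verb):
    """Ruleset from the thread, with `verb` ("goto" or "jump") in the vmap."""
    return {
        "candidate-endpoint-1": [("update", "11.0.2.1")],
        "candidate-endpoint-2": [("update", "11.0.2.2")],
        "service-ABC": [
            ("vmap", {0: (verb, "candidate-endpoint-1"),
                      1: (verb, "candidate-endpoint-2")}),
            ("dnat", None),
        ],
    }

def evaluate(ruleset, entry, saddr, numgen):
    """Walk the chains for one packet; return (dnat target or None, trace)."""
    affinity = {}            # stands in for @affinity-mappings
    stack = []               # return points, pushed by jump only
    chain, idx, trace = entry, 0, []
    while True:
        if idx >= len(ruleset[chain]):      # end of chain reached
            if not stack:                   # nothing to return to here
                return None, trace
            chain, idx = stack.pop()
            continue
        op, arg = ruleset[chain][idx]
        trace.append(f"{chain}:{op}")
        idx += 1
        if op == "update":
            affinity[saddr] = arg
        elif op == "vmap":
            verb, target = arg[numgen]
            if verb == "jump":
                stack.append((chain, idx))  # resume at the next rule later
            chain, idx = target, 0
        elif op == "dnat":
            return affinity.get(saddr), trace

if __name__ == "__main__":
    # Constructed packet: source 192.0.2.10, numgen pinned to 1.
    for verb in ("goto", "jump"):
        target, trace = evaluate(build_ruleset(verb), "service-ABC",
                                 "192.0.2.10", numgen=1)
        print(verb, "->", target, trace)
```

In the real ruleset, a goto into a candidate chain hands control back to whichever chain jumped to service-ABC, which the model represents by returning None.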