diff options
author | Phil Sutter <phil@nwl.cc> | 2019-11-27 18:09:05 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2019-11-27 18:51:00 +0100 |
commit | 7ef6eb2ef15cf161044ac3167e55d071060e5637 (patch) | |
tree | 990e13cc279bd7352b7b4f7c0985b1d1b15e8cef /doc | |
parent | 94a46b8ba0162b712e49482661502a2cdd87d225 (diff) |
nft.8: Describe numgen expression
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/primary-expression.txt | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index 0316a7e1..5473d598 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -397,3 +397,29 @@ ipv4_addr/ipv6_addr Destination address of the tunnel| ipv4_addr/ipv6_addr |================================= + +NUMGEN EXPRESSION +~~~~~~~~~~~~~~~~~ + +[verse] +*numgen* {*inc* | *random*} *mod* 'NUM' [ *offset* 'NUM' ] + +Create a number generator. The *inc* or *random* keywords control its +operation mode: In *inc* mode, the last returned value is simply incremented. +In *random* mode, a new random number is returned. The value after *mod* +keyword specifies an upper boundary (read: modulus) which is not reached by +returned numbers. The optional *offset* allows to increment the returned value +by a fixed offset. + +A typical use-case for *numgen* is load-balancing: + +.Using numgen expression +------------------------ +# round-robin between 192.168.10.100 and 192.168.20.200: +add rule nat prerouting dnat to numgen inc mod 2 map \ + { 0 : 192.168.10.100, 1 : 192.168.20.200 } + +# probability-based with odd bias using intervals: +add rule nat prerouting dnat to numgen random mod 10 map \ + { 0-2 : 192.168.10.100, 3-9 : 192.168.20.200 } +------------------------ |