diff options
author | Laura Garcia Liebana <nevola@gmail.com> | 2017-02-28 18:42:50 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-03-06 18:25:05 +0100 |
commit | 3a86406729782ee2671ec7161c76529c2e4a44e4 (patch) | |
tree | 931f8f89b8ab46e248830aaf4d99570d32beb6a6 /src/parser_bison.y | |
parent | 24091fb6d084890ce167364ac78fed8ceb94ae85 (diff) |
src: hash: support of symmetric hash
This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.
The new attribute NFTA_HASH_TYPE has been included to support
different types of hashing functions. Currently supported
NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash.
The main difference between both types are:
- jhash requires an expression with sreg, symhash doesn't.
- symhash supports modulus and offset, but not seed.
Examples:
nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2
nft add rule ip nat prerouting ct mark set symhash mod 2
Signed-off-by: Laura Garcia Liebana <laura.garcia@zevenet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 15931e96..dff8a5ab 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -437,6 +437,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token OFFSET "offset" %token JHASH "jhash" +%token SYMHASH "symhash" %token SEED "seed" %token POSITION "position" @@ -512,7 +513,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { stmt_free($$); } reject_stmt reject_stmt_alloc %type <stmt> nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc %destructor { stmt_free($$); } nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc -%type <val> nf_nat_flags nf_nat_flag offset_opt +%type <val> nf_nat_flags nf_nat_flag offset_opt seed_opt %type <stmt> queue_stmt queue_stmt_alloc %destructor { stmt_free($$); } queue_stmt queue_stmt_alloc %type <val> queue_stmt_flags queue_stmt_flag @@ -2916,15 +2917,18 @@ numgen_expr : NUMGEN numgen_type MOD NUM offset_opt } ; -hash_expr : JHASH expr MOD NUM SEED NUM offset_opt +seed_opt : /* empty */ { $$ = 0; } + | SEED NUM { $$ = $2; } + ; + +hash_expr : JHASH expr MOD NUM seed_opt offset_opt { - $$ = hash_expr_alloc(&@$, $4, $6, $7); + $$ = hash_expr_alloc(&@$, $4, $5, $6, NFT_HASH_JENKINS); $$->hash.expr = $2; } - | JHASH expr MOD NUM offset_opt + | SYMHASH MOD NUM offset_opt { - $$ = hash_expr_alloc(&@$, $4, 0, $5); - $$->hash.expr = $2; + $$ = hash_expr_alloc(&@$, $3, 0, $4, NFT_HASH_SYM); } ; |