summaryrefslogtreecommitdiffstats
path: root/src/parser_bison.y
diff options
context:
space:
mode:
authorLaura Garcia Liebana <nevola@gmail.com>2017-02-28 18:42:50 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-03-06 18:25:05 +0100
commit3a86406729782ee2671ec7161c76529c2e4a44e4 (patch)
tree931f8f89b8ab46e248830aaf4d99570d32beb6a6 /src/parser_bison.y
parent24091fb6d084890ce167364ac78fed8ceb94ae85 (diff)
src: hash: support of symmetric hash
This patch provides symmetric hash support according to source ip address and port, and destination ip address and port. The new attribute NFTA_HASH_TYPE has been included to support different types of hashing functions. Currently supported NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash. The main difference between both types are: - jhash requires an expression with sreg, symhash doesn't. - symhash supports modulus and offset, but not seed. Examples: nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2 nft add rule ip nat prerouting ct mark set symhash mod 2 Signed-off-by: Laura Garcia Liebana <laura.garcia@zevenet.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r--src/parser_bison.y16
1 files changed, 10 insertions, 6 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 15931e96..dff8a5ab 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -437,6 +437,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token OFFSET "offset"
%token JHASH "jhash"
+%token SYMHASH "symhash"
%token SEED "seed"
%token POSITION "position"
@@ -512,7 +513,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%destructor { stmt_free($$); } reject_stmt reject_stmt_alloc
%type <stmt> nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc
%destructor { stmt_free($$); } nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc
-%type <val> nf_nat_flags nf_nat_flag offset_opt
+%type <val> nf_nat_flags nf_nat_flag offset_opt seed_opt
%type <stmt> queue_stmt queue_stmt_alloc
%destructor { stmt_free($$); } queue_stmt queue_stmt_alloc
%type <val> queue_stmt_flags queue_stmt_flag
@@ -2916,15 +2917,18 @@ numgen_expr : NUMGEN numgen_type MOD NUM offset_opt
}
;
-hash_expr : JHASH expr MOD NUM SEED NUM offset_opt
+seed_opt : /* empty */ { $$ = 0; }
+ | SEED NUM { $$ = $2; }
+ ;
+
+hash_expr : JHASH expr MOD NUM seed_opt offset_opt
{
- $$ = hash_expr_alloc(&@$, $4, $6, $7);
+ $$ = hash_expr_alloc(&@$, $4, $5, $6, NFT_HASH_JENKINS);
$$->hash.expr = $2;
}
- | JHASH expr MOD NUM offset_opt
+ | SYMHASH MOD NUM offset_opt
{
- $$ = hash_expr_alloc(&@$, $4, 0, $5);
- $$->hash.expr = $2;
+ $$ = hash_expr_alloc(&@$, $3, 0, $4, NFT_HASH_SYM);
}
;