From e2b25ccc31b8262a0739b46337fbb354e00aa1d6 Mon Sep 17 00:00:00 2001
From: Liping Zhang <zlpnobody@gmail.com>
Date: Sat, 15 Apr 2017 17:22:17 +0800
Subject: hash: generate a random seed if seed option is empty

Typing the "nft add rule x y ct mark set jhash ip saddr mod 2" will
not generate a random seed, instead, the seed will always be zero.

So if seed option is empty, we shoulde not set the NFTA_HASH_SEED
attribute, then a random seed will be generated in the kernel.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_delinearize.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/netlink_delinearize.c')

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 9ad1e2c6..4a0b8dcc 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -525,13 +525,15 @@ static void netlink_parse_hash(struct netlink_parse_ctx *ctx,
 	struct expr *expr, *hexpr;
 	uint32_t mod, seed, len, offset;
 	enum nft_hash_types type;
+	bool seed_set;
 
 	type = nftnl_expr_get_u32(nle, NFTNL_EXPR_HASH_TYPE);
 	offset = nftnl_expr_get_u32(nle, NFTNL_EXPR_HASH_OFFSET);
+	seed_set = nftnl_expr_is_set(nle, NFTNL_EXPR_HASH_SEED);
 	seed = nftnl_expr_get_u32(nle, NFTNL_EXPR_HASH_SEED);
 	mod  = nftnl_expr_get_u32(nle, NFTNL_EXPR_HASH_MODULUS);
 
-	expr = hash_expr_alloc(loc, mod, seed, offset, type);
+	expr = hash_expr_alloc(loc, mod, seed_set, seed, offset, type);
 
 	if (type != NFT_HASH_SYM) {
 		sreg = netlink_parse_register(nle, NFTNL_EXPR_HASH_SREG);
-- 
cgit v1.2.3