From 3a86406729782ee2671ec7161c76529c2e4a44e4 Mon Sep 17 00:00:00 2001 From: Laura Garcia Liebana Date: Tue, 28 Feb 2017 18:42:50 +0100 Subject: src: hash: support of symmetric hash This patch provides symmetric hash support according to source ip address and port, and destination ip address and port. The new attribute NFTA_HASH_TYPE has been included to support different types of hashing functions. Currently supported NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash. The main difference between both types are: - jhash requires an expression with sreg, symhash doesn't. - symhash supports modulus and offset, but not seed. Examples: nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2 nft add rule ip nat prerouting ct mark set symhash mod 2 Signed-off-by: Laura Garcia Liebana Signed-off-by: Pablo Neira Ayuso --- src/parser_bison.y | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'src/parser_bison.y') diff --git a/src/parser_bison.y b/src/parser_bison.y index 15931e96..dff8a5ab 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -437,6 +437,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token OFFSET "offset" %token JHASH "jhash" +%token SYMHASH "symhash" %token SEED "seed" %token POSITION "position" @@ -512,7 +513,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %destructor { stmt_free($$); } reject_stmt reject_stmt_alloc %type nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc %destructor { stmt_free($$); } nat_stmt nat_stmt_alloc masq_stmt masq_stmt_alloc redir_stmt redir_stmt_alloc -%type nf_nat_flags nf_nat_flag offset_opt +%type nf_nat_flags nf_nat_flag offset_opt seed_opt %type queue_stmt queue_stmt_alloc %destructor { stmt_free($$); } queue_stmt queue_stmt_alloc %type queue_stmt_flags queue_stmt_flag @@ -2916,15 +2917,18 @@ numgen_expr : NUMGEN numgen_type MOD NUM offset_opt } ; -hash_expr : JHASH expr MOD NUM SEED NUM offset_opt +seed_opt : /* empty */ { $$ = 0; } + | SEED NUM { $$ = $2; } + ; + +hash_expr : JHASH expr MOD NUM seed_opt offset_opt { - $$ = hash_expr_alloc(&@$, $4, $6, $7); + $$ = hash_expr_alloc(&@$, $4, $5, $6, NFT_HASH_JENKINS); $$->hash.expr = $2; } - | JHASH expr MOD NUM offset_opt + | SYMHASH MOD NUM offset_opt { - $$ = hash_expr_alloc(&@$, $4, 0, $5); - $$->hash.expr = $2; + $$ = hash_expr_alloc(&@$, $3, 0, $4, NFT_HASH_SYM); } ; -- cgit v1.2.3