expr: hash: support of symmetric hash
This patch provides symmetric hash support according to source ip address and port, and destination ip address and port. The new attribute NFTA_HASH_TYPE has been included to support different types of hashing functions. Currently supported NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash. The main difference between both types are: - jhash requires an expression with sreg, symhash doesn't. - symhash supports modulus and offset, but not seed. Examples: nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2 nft add rule ip nat prerouting ct mark set symhash mod 2 Signed-off-by: Laura Garcia Liebana <> Signed-off-by: Pablo Neira Ayuso <>
@@ -45,6 +45,9 @@ static void cmp_nftnl_expr(struct nftnl_expr *rule_a,
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_HASH_OFFSET) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_HASH_OFFSET))
print_err("Expr NFTNL_EXPR_HASH_OFFSET mismatches");
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_HASH_TYPE) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_HASH_TYPE))
+ print_err("Expr NFTNL_EXPR_HASH_TYPE mismatches");
int main(int argc, char *argv[])
@@ -69,6 +72,7 @@ int main(int argc, char *argv[])
nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_MODULUS, 0x78123456);
nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_SEED, 0x78123456);
nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_OFFSET, 0x3612845);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_TYPE, NFT_HASH_JENKINS);
nftnl_rule_add_expr(a, ex);