From 1ebd1e974e95ea90389064265523840968f50859 Mon Sep 17 00:00:00 2001 From: Laura Garcia Liebana Date: Thu, 23 Feb 2017 12:11:08 +0100 Subject: expr: hash: support of symmetric hash This patch provides symmetric hash support according to source ip address and port, and destination ip address and port. The new attribute NFTA_HASH_TYPE has been included to support different types of hashing functions. Currently supported NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash. The main difference between both types are: - jhash requires an expression with sreg, symhash doesn't. - symhash supports modulus and offset, but not seed. Examples: nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2 nft add rule ip nat prerouting ct mark set symhash mod 2 Signed-off-by: Laura Garcia Liebana Signed-off-by: Pablo Neira Ayuso --- tests/nft-expr_hash-test.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tests') diff --git a/tests/nft-expr_hash-test.c b/tests/nft-expr_hash-test.c index d928234..7be6e9e 100644 --- a/tests/nft-expr_hash-test.c +++ b/tests/nft-expr_hash-test.c @@ -45,6 +45,9 @@ static void cmp_nftnl_expr(struct nftnl_expr *rule_a, if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_HASH_OFFSET) != nftnl_expr_get_u32(rule_b, NFTNL_EXPR_HASH_OFFSET)) print_err("Expr NFTNL_EXPR_HASH_OFFSET mismatches"); + if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_HASH_TYPE) != + nftnl_expr_get_u32(rule_b, NFTNL_EXPR_HASH_TYPE)) + print_err("Expr NFTNL_EXPR_HASH_TYPE mismatches"); } int main(int argc, char *argv[]) @@ -69,6 +72,7 @@ int main(int argc, char *argv[]) nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_MODULUS, 0x78123456); nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_SEED, 0x78123456); nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_OFFSET, 0x3612845); + nftnl_expr_set_u32(ex, NFTNL_EXPR_HASH_TYPE, NFT_HASH_JENKINS); nftnl_rule_add_expr(a, ex); -- cgit v1.2.3