diff options
author | Liping Zhang <zlpnobody@gmail.com> | 2017-04-15 17:22:17 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-15 11:30:08 +0200 |
commit | e2b25ccc31b8262a0739b46337fbb354e00aa1d6 (patch) | |
tree | 05db8f700716c22ef19ff6153807a173d17a8821 /src/hash.c | |
parent | cd3877cd4a7c4943dc29c274366795f02c42feb0 (diff) |
hash: generate a random seed if seed option is empty
Typing the "nft add rule x y ct mark set jhash ip saddr mod 2" will
not generate a random seed, instead, the seed will always be zero.
So if seed option is empty, we shoulde not set the NFTA_HASH_SEED
attribute, then a random seed will be generated in the kernel.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/hash.c')
-rw-r--r-- | src/hash.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -28,7 +28,7 @@ static void hash_expr_print(const struct expr *expr) } printf(" mod %u", expr->hash.mod); - if ((expr->hash.type == NFT_HASH_JENKINS) && expr->hash.seed) + if (expr->hash.seed_set) printf(" seed 0x%x", expr->hash.seed); if (expr->hash.offset) printf(" offset %u", expr->hash.offset); @@ -39,6 +39,7 @@ static bool hash_expr_cmp(const struct expr *e1, const struct expr *e2) return (e1->hash.expr || expr_cmp(e1->hash.expr, e2->hash.expr)) && e1->hash.mod == e2->hash.mod && + e1->hash.seed_set == e2->hash.seed_set && e1->hash.seed == e2->hash.seed && e1->hash.offset == e2->hash.offset && e1->hash.type == e2->hash.type; @@ -49,6 +50,7 @@ static void hash_expr_clone(struct expr *new, const struct expr *expr) if (expr->hash.expr) new->hash.expr = expr_clone(expr->hash.expr); new->hash.mod = expr->hash.mod; + new->hash.seed_set = expr->hash.seed_set; new->hash.seed = expr->hash.seed; new->hash.offset = expr->hash.offset; new->hash.type = expr->hash.type; @@ -62,8 +64,10 @@ static const struct expr_ops hash_expr_ops = { .clone = hash_expr_clone, }; -struct expr *hash_expr_alloc(const struct location *loc, uint32_t mod, - uint32_t seed, uint32_t offset, +struct expr *hash_expr_alloc(const struct location *loc, + uint32_t mod, + bool seed_set, uint32_t seed, + uint32_t offset, enum nft_hash_types type) { struct expr *expr; @@ -71,6 +75,7 @@ struct expr *hash_expr_alloc(const struct location *loc, uint32_t mod, expr = expr_alloc(loc, &hash_expr_ops, &integer_type, BYTEORDER_HOST_ENDIAN, 4 * BITS_PER_BYTE); expr->hash.mod = mod; + expr->hash.seed_set = seed_set; expr->hash.seed = seed; expr->hash.offset = offset; expr->hash.type = type; |