summaryrefslogtreecommitdiffstats
path: root/src/hash.c
diff options
context:
space:
mode:
authorLiping Zhang <zlpnobody@gmail.com>2017-04-15 17:22:17 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2017-04-15 11:30:08 +0200
commite2b25ccc31b8262a0739b46337fbb354e00aa1d6 (patch)
tree05db8f700716c22ef19ff6153807a173d17a8821 /src/hash.c
parentcd3877cd4a7c4943dc29c274366795f02c42feb0 (diff)
hash: generate a random seed if seed option is empty
Typing the "nft add rule x y ct mark set jhash ip saddr mod 2" will not generate a random seed, instead, the seed will always be zero. So if seed option is empty, we shoulde not set the NFTA_HASH_SEED attribute, then a random seed will be generated in the kernel. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/hash.c')
-rw-r--r--src/hash.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/hash.c b/src/hash.c
index bec1684e..c738d0b6 100644
--- a/src/hash.c
+++ b/src/hash.c
@@ -28,7 +28,7 @@ static void hash_expr_print(const struct expr *expr)
}
printf(" mod %u", expr->hash.mod);
- if ((expr->hash.type == NFT_HASH_JENKINS) && expr->hash.seed)
+ if (expr->hash.seed_set)
printf(" seed 0x%x", expr->hash.seed);
if (expr->hash.offset)
printf(" offset %u", expr->hash.offset);
@@ -39,6 +39,7 @@ static bool hash_expr_cmp(const struct expr *e1, const struct expr *e2)
return (e1->hash.expr ||
expr_cmp(e1->hash.expr, e2->hash.expr)) &&
e1->hash.mod == e2->hash.mod &&
+ e1->hash.seed_set == e2->hash.seed_set &&
e1->hash.seed == e2->hash.seed &&
e1->hash.offset == e2->hash.offset &&
e1->hash.type == e2->hash.type;
@@ -49,6 +50,7 @@ static void hash_expr_clone(struct expr *new, const struct expr *expr)
if (expr->hash.expr)
new->hash.expr = expr_clone(expr->hash.expr);
new->hash.mod = expr->hash.mod;
+ new->hash.seed_set = expr->hash.seed_set;
new->hash.seed = expr->hash.seed;
new->hash.offset = expr->hash.offset;
new->hash.type = expr->hash.type;
@@ -62,8 +64,10 @@ static const struct expr_ops hash_expr_ops = {
.clone = hash_expr_clone,
};
-struct expr *hash_expr_alloc(const struct location *loc, uint32_t mod,
- uint32_t seed, uint32_t offset,
+struct expr *hash_expr_alloc(const struct location *loc,
+ uint32_t mod,
+ bool seed_set, uint32_t seed,
+ uint32_t offset,
enum nft_hash_types type)
{
struct expr *expr;
@@ -71,6 +75,7 @@ struct expr *hash_expr_alloc(const struct location *loc, uint32_t mod,
expr = expr_alloc(loc, &hash_expr_ops, &integer_type,
BYTEORDER_HOST_ENDIAN, 4 * BITS_PER_BYTE);
expr->hash.mod = mod;
+ expr->hash.seed_set = seed_set;
expr->hash.seed = seed;
expr->hash.offset = offset;
expr->hash.type = type;