From 3a86406729782ee2671ec7161c76529c2e4a44e4 Mon Sep 17 00:00:00 2001
From: Laura Garcia Liebana <nevola@gmail.com>
Date: Tue, 28 Feb 2017 18:42:50 +0100
Subject: src: hash: support of symmetric hash

This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.

The new attribute NFTA_HASH_TYPE has been included to support
different types of hashing functions. Currently supported
NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash.

The main difference between both types are:
 - jhash requires an expression with sreg, symhash doesn't.
 - symhash supports modulus and offset, but not seed.

Examples:

 nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2
 nft add rule ip nat prerouting ct mark set symhash mod 2

Signed-off-by: Laura Garcia Liebana <laura.garcia@zevenet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/evaluate.c')

diff --git a/src/evaluate.c b/src/evaluate.c
index 54985166..efcafc72 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1288,7 +1288,8 @@ static int expr_evaluate_hash(struct eval_ctx *ctx, struct expr **exprp)
 	expr_dtype_integer_compatible(ctx, expr);
 
 	expr_set_context(&ctx->ectx, NULL, 0);
-	if (expr_evaluate(ctx, &expr->hash.expr) < 0)
+	if (expr->hash.expr &&
+	    expr_evaluate(ctx, &expr->hash.expr) < 0)
 		return -1;
 
 	/* expr_evaluate_primary() sets the context to what to the input
-- 
cgit v1.2.3