From 3a86406729782ee2671ec7161c76529c2e4a44e4 Mon Sep 17 00:00:00 2001 From: Laura Garcia Liebana Date: Tue, 28 Feb 2017 18:42:50 +0100 Subject: src: hash: support of symmetric hash This patch provides symmetric hash support according to source ip address and port, and destination ip address and port. The new attribute NFTA_HASH_TYPE has been included to support different types of hashing functions. Currently supported NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash. The main difference between both types are: - jhash requires an expression with sreg, symhash doesn't. - symhash supports modulus and offset, but not seed. Examples: nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2 nft add rule ip nat prerouting ct mark set symhash mod 2 Signed-off-by: Laura Garcia Liebana Signed-off-by: Pablo Neira Ayuso --- src/netlink_linearize.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'src/netlink_linearize.c') diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 48f34c25..293150e2 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -125,18 +125,23 @@ static void netlink_gen_hash(struct netlink_linearize_ctx *ctx, enum nft_registers sreg; struct nftnl_expr *nle; - sreg = get_register(ctx, expr->hash.expr); - netlink_gen_expr(ctx, expr->hash.expr, sreg); - release_register(ctx, expr->hash.expr); - nle = alloc_nft_expr("hash"); - netlink_put_register(nle, NFTNL_EXPR_HASH_SREG, sreg); + + if (expr->hash.expr) { + sreg = get_register(ctx, expr->hash.expr); + netlink_gen_expr(ctx, expr->hash.expr, sreg); + release_register(ctx, expr->hash.expr); + netlink_put_register(nle, NFTNL_EXPR_HASH_SREG, sreg); + + nftnl_expr_set_u32(nle, NFTNL_EXPR_HASH_LEN, + div_round_up(expr->hash.expr->len, + BITS_PER_BYTE)); + } netlink_put_register(nle, NFTNL_EXPR_HASH_DREG, dreg); - nftnl_expr_set_u32(nle, NFTNL_EXPR_HASH_LEN, - div_round_up(expr->hash.expr->len, BITS_PER_BYTE)); nftnl_expr_set_u32(nle, NFTNL_EXPR_HASH_MODULUS, expr->hash.mod); nftnl_expr_set_u32(nle, NFTNL_EXPR_HASH_SEED, expr->hash.seed); nftnl_expr_set_u32(nle, NFTNL_EXPR_HASH_OFFSET, expr->hash.offset); + nftnl_expr_set_u32(nle, NFTNL_EXPR_HASH_TYPE, expr->hash.type); nftnl_rule_add_expr(ctx->nlr, nle); } -- cgit v1.2.3