[nf] netfilter: fix symhash with modulus one
diff mbox series

Message ID 20190715112337.gobsm3ljlmgtarnf@nevthink
State Accepted
Delegated to: Pablo Neira
Headers show
Series
  • [nf] netfilter: fix symhash with modulus one
Related show

Commit Message

Laura Garcia July 15, 2019, 11:23 a.m. UTC
The rule below doesn't work as the kernel raises -ERANGE.

nft add rule netdev nftlb lb01 ip daddr set \
	symhash mod 1 map { 0 : 192.168.0.10 } fwd to "eth0"

This patch allows to use the symhash modulus with one
element, in the same way that the other types of hashes and
algorithms that uses the modulus parameter.

Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
---
 net/netfilter/nft_hash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Pablo Neira Ayuso July 16, 2019, 11:24 a.m. UTC | #1
On Mon, Jul 15, 2019 at 01:23:37PM +0200, Laura Garcia Liebana wrote:
> The rule below doesn't work as the kernel raises -ERANGE.
> 
> nft add rule netdev nftlb lb01 ip daddr set \
> 	symhash mod 1 map { 0 : 192.168.0.10 } fwd to "eth0"
> 
> This patch allows to use the symhash modulus with one
> element, in the same way that the other types of hashes and
> algorithms that uses the modulus parameter.

Applied, thanks Laura.

Patch
diff mbox series

diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index fe93e731dc7f..b836d550b919 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -129,7 +129,7 @@  static int nft_symhash_init(const struct nft_ctx *ctx,
 	priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
 
 	priv->modulus = ntohl(nla_get_be32(tb[NFTA_HASH_MODULUS]));
-	if (priv->modulus <= 1)
+	if (priv->modulus < 1)
 		return -ERANGE;
 
 	if (priv->offset + priv->modulus - 1 < priv->offset)