| Message ID | 20161104125927.GA20394@sonyv |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On Fri, Nov 04, 2016 at 01:59:31PM +0100, Laura Garcia Liebana wrote: > The hash expression requires a seed attribute to call the jhash > operation, eg. > > # nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 \ > seed 0xdeadbeef > > With this patch the seed attribute is optional and it's generated by a > random function from userspace, eg. > > # nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 > > The kernel will take care of generate a random seed. Applied, thanks Laura. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/src/parser_bison.y b/src/parser_bison.y index 17f23c5..82fec99 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2585,6 +2585,11 @@ hash_expr : JHASH expr MOD NUM SEED NUM $$ = hash_expr_alloc(&@$, $4, $6); $$->hash.expr = $2; } + | JHASH expr MOD NUM + { + $$ = hash_expr_alloc(&@$, $4, 0); + $$->hash.expr = $2; + } ; rt_expr : RT rt_key diff --git a/tests/py/ip/hash.t b/tests/py/ip/hash.t index 6dfa965..306ebfd 100644 --- a/tests/py/ip/hash.t +++ b/tests/py/ip/hash.t @@ -2,4 +2,5 @@ *ip;test-ip4;pre ct mark set jhash ip saddr . ip daddr mod 2 seed 0xdeadbeef;ok +ct mark set jhash ip saddr . ip daddr mod 2;ok dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { 0 : 192.168.20.100, 1 : 192.168.30.100 };ok diff --git a/tests/py/ip/hash.t.payload b/tests/py/ip/hash.t.payload index d9a22eb..1188a1b 100644 --- a/tests/py/ip/hash.t.payload +++ b/tests/py/ip/hash.t.payload @@ -5,6 +5,13 @@ ip test-ip4 pre [ hash reg 1 = jhash(reg 2, 8, 0xdeadbeef) % mod 2 ] [ ct set mark with reg 1 ] +# ct mark set jhash ip saddr . ip daddr mod 2 +ip test-ip4 pre + [ payload load 4b @ network header + 12 => reg 2 ] + [ payload load 4b @ network header + 16 => reg 13 ] + [ hash reg 1 = jhash(reg 2, 8, 0x0) % mod 2 ] + [ ct set mark with reg 1 ] + # dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { 0 : 192.168.20.100, 1 : 192.168.30.100 } __map%d test-ip4 b __map%d test-ip4 0
The hash expression requires a seed attribute to call the jhash operation, eg. # nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 \ seed 0xdeadbeef With this patch the seed attribute is optional and it's generated by a random function from userspace, eg. # nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 The kernel will take care of generate a random seed. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> --- Changes in v3: - The random generation is done in kernel side. - Tests included. src/parser_bison.y | 5 +++++ tests/py/ip/hash.t | 1 + tests/py/ip/hash.t.payload | 7 +++++++ 3 files changed, 13 insertions(+)