From patchwork Mon Apr 23 10:48:07 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: nevola <nevola@gmail.com>
X-Patchwork-Id: 902879
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netfilter-devel-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="DLhZdrUQ"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 40V38c0PZFz9rxx
	for <incoming@patchwork.ozlabs.org>;
	Mon, 23 Apr 2018 20:48:15 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754597AbeDWKsO (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Mon, 23 Apr 2018 06:48:14 -0400
Received: from mail-wr0-f196.google.com ([209.85.128.196]:46849 "EHLO
	mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754078AbeDWKsN (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Mon, 23 Apr 2018 06:48:13 -0400
Received: by mail-wr0-f196.google.com with SMTP id d1-v6so39871082wrj.13
	for <netfilter-devel@vger.kernel.org>;
	Mon, 23 Apr 2018 03:48:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=date:from:to:subject:message-id:mime-version:content-disposition
	:user-agent; bh=8CmuGk7NwgCkUKuzwOJBLiqXIskHVuGJxKBNHNYa24c=;
	b=DLhZdrUQcWHWNQUDfPj7SMtCQ1tGnwVD0Apwy+aNOmq78nPDFgsi70hAijXfrrjlwH
	39/aLELAHNZE/MjUV18GYDJpyLnFRbc2NjeUsVAuoYfFar9KkZ7VikaTjM4Y6ptE0tWj
	nqAfDNY/jtUFMhCsydsw+53z6xXm7IIo68LwyM5+POYuKvr4JAsC8etGUpWJXC9oYsy0
	pX0YbC0RYVwgwDvkVTLZqoY79/pMVZxm7o4ICK3iMBVwZwDs9YyuZY0Kl3yG/WXYKCt4
	8Ukiu/QI+1U8OlmXbldUWFrXV5czv6bv2acYxsCwxqjDOamnVyFP8qJ1M3xIvWJtJFnu
	HpBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:from:to:subject:message-id:mime-version
	:content-disposition:user-agent;
	bh=8CmuGk7NwgCkUKuzwOJBLiqXIskHVuGJxKBNHNYa24c=;
	b=YVftlGScjf7u8y/f3lCuJbN8P/Iy0ZYDupaJh5alZ+Y1z1pyc80AzOPbR97oRlShLR
	NjVLaiS1/pP4tutrzvelrY1QJZ8pj/Ih5caj3FenVKZnVVjxdhVkg+NZJS3srqYceXpW
	6/kD2v6jcTr5XZj2TjIvBn2rfpY84n37vv2EOqNQ2SDAcWblDEjMSUFfQjuePOy5l6xe
	G1IMmTaEWLJiaTIQku9bm9Nc/OwPaxcHxkCLtshkpHsdNsB7EQ68iDQ0pzUVOk3W/weX
	R/tyUKBS5mtOGrJkc2o4xzM3jssOnL8DYbUmP6otB0bPGfV3oK/rFWZCf33de4bz8DDo
	uRYw==
X-Gm-Message-State: ALQs6tCdL50GkY7OAK2S5d47a8WqWb8j1HDjDZjSV059BaCDUPnD8Un/
	P1Kr6OklP7sZ0R4rjyEj3D7WnQ==
X-Google-Smtp-Source: 
 AIpwx48ORGAK7VXB/c6Dj4ufveLrjfbE5y4uhNq3fzSq32ApWhu4REfujQa/Tpu+pKrhCoqYqAb+AA==
X-Received: by 2002:adf:9b83:: with SMTP id
	d3-v6mr16803970wrc.58.1524480492548;
	Mon, 23 Apr 2018 03:48:12 -0700 (PDT)
Received: from nevthink ([91.126.245.252]) by smtp.gmail.com with ESMTPSA id
	31-v6sm11397796wrm.68.2018.04.23.03.48.10
	for <netfilter-devel@vger.kernel.org>
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Mon, 23 Apr 2018 03:48:11 -0700 (PDT)
Date: Mon, 23 Apr 2018 12:48:07 +0200
From: Laura Garcia Liebana <nevola@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next] netfilter: nf_tables: enable hashing of one element
Message-ID: <20180423104807.eavendvks2ky4adk@nevthink>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: NeoMutt/20170113 (1.7.2)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

The modulus in the hash function was limited to > 1 as initially
there was no sense to create a hashing of just one element.

Nevertheless, there are certain cases specially for load balancing
where this case needs to be addressed.

This patch fixes the following error.

Error: Could not process rule: Numerical result out of range
add rule ip nftlb lb01 dnat to jhash ip saddr mod 1 map { 0: 192.168.0.10 }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The solution comes to force the hash to 0 when the modulus is 1.

Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
---
 net/netfilter/nft_hash.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index 24f2f7567ddb..1c4f791552d0 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -53,7 +53,11 @@ static void nft_symhash_eval(const struct nft_expr *expr,
 	struct sk_buff *skb = pkt->skb;
 	u32 h;
 
-	h = reciprocal_scale(__skb_get_hash_symmetric(skb), priv->modulus);
+	if (priv->modulus)
+		h = reciprocal_scale(__skb_get_hash_symmetric(skb),
+				     priv->modulus);
+	else
+		h = 0;
 
 	regs->data[priv->dreg] = h + priv->offset;
 }
@@ -97,7 +101,7 @@ static int nft_jhash_init(const struct nft_ctx *ctx,
 	priv->len = len;
 
 	priv->modulus = ntohl(nla_get_be32(tb[NFTA_HASH_MODULUS]));
-	if (priv->modulus <= 1)
+	if (priv->modulus < 1)
 		return -ERANGE;
 
 	if (priv->offset + priv->modulus - 1 < priv->offset)