From: Laura Garcia Liebana <nevola@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH] netfilter: nft_hash: Add hash offset value
Date: Mon, 5 Sep 2016 10:36:57 +0200 [thread overview]
Message-ID: <20160905083655.GA15395@sonyv> (raw)
Add support to pass through an offset to the hash value. With this
feature, the sysadmin is able to generate a hash with a given
offset value.
Example:
meta mark set jhash ip saddr mod 2 seed 0xabcd sum 100
This option generates marks according to the source address from 100 to
101.
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
---
include/uapi/linux/netfilter/nf_tables.h | 2 ++
net/netfilter/nft_hash.c | 13 +++++++++++--
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 4dbeeed..8026684 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -764,6 +764,7 @@ enum nft_meta_keys {
* @NFTA_HASH_LEN: source data length (NLA_U32)
* @NFTA_HASH_MODULUS: modulus value (NLA_U32)
* @NFTA_HASH_SEED: seed value (NLA_U32)
+ * @NFTA_HASH_SUM: Hash offset value (NLA_U32)
*/
enum nft_hash_attributes {
NFTA_HASH_UNSPEC,
@@ -772,6 +773,7 @@ enum nft_hash_attributes {
NFTA_HASH_LEN,
NFTA_HASH_MODULUS,
NFTA_HASH_SEED,
+ NFTA_HASH_SUM,
__NFTA_HASH_MAX,
};
#define NFTA_HASH_MAX (__NFTA_HASH_MAX - 1)
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index b7e3b40..8ab04d9 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -23,6 +23,7 @@ struct nft_hash {
u8 len;
u32 modulus;
u32 seed;
+ u32 sum;
};
static void nft_hash_eval(const struct nft_expr *expr,
@@ -35,7 +36,7 @@ static void nft_hash_eval(const struct nft_expr *expr,
h = reciprocal_scale(jhash(data, priv->len, priv->seed), priv->modulus);
- regs->data[priv->dreg] = h;
+ regs->data[priv->dreg] = priv->sum + h;
}
const struct nla_policy nft_hash_policy[NFTA_HASH_MAX + 1] = {
@@ -44,6 +45,7 @@ const struct nla_policy nft_hash_policy[NFTA_HASH_MAX + 1] = {
[NFTA_HASH_LEN] = { .type = NLA_U32 },
[NFTA_HASH_MODULUS] = { .type = NLA_U32 },
[NFTA_HASH_SEED] = { .type = NLA_U32 },
+ [NFTA_HASH_SUM] = { .type = NLA_U32 },
};
static int nft_hash_init(const struct nft_ctx *ctx,
@@ -60,6 +62,11 @@ static int nft_hash_init(const struct nft_ctx *ctx,
!tb[NFTA_HASH_MODULUS])
return -EINVAL;
+ if (tb[NFTA_HASH_SUM])
+ priv->sum = ntohl(nla_get_be32(tb[NFTA_HASH_SUM]));
+ else
+ priv->sum = 0;
+
priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]);
if (priv->sreg < 0)
return -ERANGE;
@@ -99,7 +106,9 @@ static int nft_hash_dump(struct sk_buff *skb,
goto nla_put_failure;
if (nft_dump_register(skb, NFTA_HASH_SEED, priv->seed))
goto nla_put_failure;
-
+ if (priv->sum != 0)
+ if (nft_dump_register(skb, NFTA_HASH_SUM, priv->sum))
+ goto nla_put_failure;
return 0;
nla_put_failure:
--
2.8.1
next reply other threads:[~2016-09-05 8:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-05 8:36 Laura Garcia Liebana [this message]
2016-09-05 9:10 ` [PATCH] netfilter: nft_hash: Add hash offset value Pablo Neira Ayuso
2016-09-05 9:58 ` Laura Garcia
2016-09-05 10:09 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160905083655.GA15395@sonyv \
--to=nevola@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.