From: Laura Garcia Liebana <nevola@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH v3 nft 1/4] src: make hash seed attribute optional
Date: Fri, 4 Nov 2016 13:59:31 +0100 [thread overview]
Message-ID: <20161104125927.GA20394@sonyv> (raw)
The hash expression requires a seed attribute to call the jhash
operation, eg.
# nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 \
seed 0xdeadbeef
With this patch the seed attribute is optional and it's generated by a
random function from userspace, eg.
# nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2
The kernel will take care of generate a random seed.
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
---
Changes in v3:
- The random generation is done in kernel side.
- Tests included.
src/parser_bison.y | 5 +++++
tests/py/ip/hash.t | 1 +
tests/py/ip/hash.t.payload | 7 +++++++
3 files changed, 13 insertions(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 17f23c5..82fec99 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2585,6 +2585,11 @@ hash_expr : JHASH expr MOD NUM SEED NUM
$$ = hash_expr_alloc(&@$, $4, $6);
$$->hash.expr = $2;
}
+ | JHASH expr MOD NUM
+ {
+ $$ = hash_expr_alloc(&@$, $4, 0);
+ $$->hash.expr = $2;
+ }
;
rt_expr : RT rt_key
diff --git a/tests/py/ip/hash.t b/tests/py/ip/hash.t
index 6dfa965..306ebfd 100644
--- a/tests/py/ip/hash.t
+++ b/tests/py/ip/hash.t
@@ -2,4 +2,5 @@
*ip;test-ip4;pre
ct mark set jhash ip saddr . ip daddr mod 2 seed 0xdeadbeef;ok
+ct mark set jhash ip saddr . ip daddr mod 2;ok
dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { 0 : 192.168.20.100, 1 : 192.168.30.100 };ok
diff --git a/tests/py/ip/hash.t.payload b/tests/py/ip/hash.t.payload
index d9a22eb..1188a1b 100644
--- a/tests/py/ip/hash.t.payload
+++ b/tests/py/ip/hash.t.payload
@@ -5,6 +5,13 @@ ip test-ip4 pre
[ hash reg 1 = jhash(reg 2, 8, 0xdeadbeef) % mod 2 ]
[ ct set mark with reg 1 ]
+# ct mark set jhash ip saddr . ip daddr mod 2
+ip test-ip4 pre
+ [ payload load 4b @ network header + 12 => reg 2 ]
+ [ payload load 4b @ network header + 16 => reg 13 ]
+ [ hash reg 1 = jhash(reg 2, 8, 0x0) % mod 2 ]
+ [ ct set mark with reg 1 ]
+
# dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { 0 : 192.168.20.100, 1 : 192.168.30.100 }
__map%d test-ip4 b
__map%d test-ip4 0
--
2.9.3
next reply other threads:[~2016-11-04 12:59 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-04 12:59 Laura Garcia Liebana [this message]
2016-11-08 23:22 ` [PATCH v3 nft 1/4] src: make hash seed attribute optional Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161104125927.GA20394@sonyv \
--to=nevola@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.