git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 26 Aug 2016 16:00:00 +0000 (18:00 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 29 Aug 2016 18:30:29 +0000 (20:30 +0200)
commit	345236211715ffb7cc28f6ff0b26acb90181e738
tree	aebfc9aeece1dda1bb1ffab52aa93a9b1114f928	tree
parent	13eeed6ea6f0a5d1353ee5ad14c4322695b4f59b	commit \| diff

src: add hash expression

This is special expression that transforms an input expression into a
32-bit unsigned integer. This expression takes a modulus parameter to
scale the result and the random seed so the hash result becomes harder
to predict.

You can use it to set the packet mark, eg.

# nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 seed 0xdeadbeef

You can combine this with maps too, eg.

# nft add rule x y dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { \
0 : 192.168.20.100, \
1 : 192.168.30.100 \
}

Currently, this expression implements the jenkins hash implementation
available in the Linux kernel:

http://lxr.free-electrons.com/source/include/linux/jhash.h

But it should be possible to extend it to support any other hash
function type.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/expression.h		diff \| blob \| blame \| history
include/hash.h	[new file with mode: 0644]	blob
src/Makefile.am		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/hash.c	[new file with mode: 0644]	blob
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
tests/py/ip/hash.t	[new file with mode: 0644]	blob
tests/py/ip/hash.t.payload	[new file with mode: 0644]	blob