From: Laura Garcia Liebana <nevola@gmail.com>
Date: Mon, 15 Jul 2019 11:23:37 +0000 (+0200)
Subject: netfilter: nft_hash: fix symhash with modulus one
X-Git-Tag: v5.3-rc2~42^2~19^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=28b1d6ef53e3303b90ca8924bb78f31fa527cafb;p=thirdparty%2Fkernel%2Flinux.git

netfilter: nft_hash: fix symhash with modulus one

The rule below doesn't work as the kernel raises -ERANGE.

nft add rule netdev nftlb lb01 ip daddr set \
	symhash mod 1 map { 0 : 192.168.0.10 } fwd to "eth0"

This patch allows to use the symhash modulus with one
element, in the same way that the other types of hashes and
algorithms that uses the modulus parameter.

Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index fe93e731dc7fb..b836d550b9199 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -129,7 +129,7 @@ static int nft_symhash_init(const struct nft_ctx *ctx,
 	priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
 
 	priv->modulus = ntohl(nla_get_be32(tb[NFTA_HASH_MODULUS]));
-	if (priv->modulus <= 1)
+	if (priv->modulus < 1)
 		return -ERANGE;
 
 	if (priv->offset + priv->modulus - 1 < priv->offset)