The hash expression requires a seed attribute to call the jhash
operation, eg.
# nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2 \
seed 0xdeadbeef
With this patch the seed attribute is optional and it's generated by a
random function from userspace, eg.
# nft add rule x y meta mark set jhash ip saddr . ip daddr mod 2
The kernel will take care of generate a random seed.
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
$$ = hash_expr_alloc(&@$, $4, $6);
$$->hash.expr = $2;
}
+ | JHASH expr MOD NUM
+ {
+ $$ = hash_expr_alloc(&@$, $4, 0);
+ $$->hash.expr = $2;
+ }
;
rt_expr : RT rt_key
*ip;test-ip4;pre
ct mark set jhash ip saddr . ip daddr mod 2 seed 0xdeadbeef;ok
+ct mark set jhash ip saddr . ip daddr mod 2;ok
dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { 0 : 192.168.20.100, 1 : 192.168.30.100 };ok
[ hash reg 1 = jhash(reg 2, 8, 0xdeadbeef) % mod 2 ]
[ ct set mark with reg 1 ]
+# ct mark set jhash ip saddr . ip daddr mod 2
+ip test-ip4 pre
+ [ payload load 4b @ network header + 12 => reg 2 ]
+ [ payload load 4b @ network header + 16 => reg 13 ]
+ [ hash reg 1 = jhash(reg 2, 8, 0x0) % mod 2 ]
+ [ ct set mark with reg 1 ]
+
# dnat to jhash ip saddr mod 2 seed 0xdeadbeef map { 0 : 192.168.20.100, 1 : 192.168.30.100 }
__map%d test-ip4 b
__map%d test-ip4 0
projects / thirdparty / nftables.git / commitdiff
