git.ipfire.org Git - thirdparty/nftables.git/commit

author	Laura Garcia Liebana <nevola@gmail.com>
	Tue, 28 Feb 2017 17:42:50 +0000 (18:42 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 6 Mar 2017 17:25:05 +0000 (18:25 +0100)
commit	3a86406729782ee2671ec7161c76529c2e4a44e4
tree	931f8f89b8ab46e248830aaf4d99570d32beb6a6	tree
parent	24091fb6d084890ce167364ac78fed8ceb94ae85	commit \| diff

src: hash: support of symmetric hash

This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.

The new attribute NFTA_HASH_TYPE has been included to support
different types of hashing functions. Currently supported
NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash.

The main difference between both types are:
- jhash requires an expression with sreg, symhash doesn't.
- symhash supports modulus and offset, but not seed.

Examples:

nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2
nft add rule ip nat prerouting ct mark set symhash mod 2

Signed-off-by: Laura Garcia Liebana <laura.garcia@zevenet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/expression.h		diff \| blob \| blame \| history
include/hash.h		diff \| blob \| blame \| history
include/linux/netfilter/nf_tables.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/hash.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
tests/py/ip/hash.t		diff \| blob \| blame \| history
tests/py/ip/hash.t.payload		diff \| blob \| blame \| history