diff options
author | Laura Garcia Liebana <nevola@gmail.com> | 2017-03-02 19:00:14 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-03-06 19:57:42 +0300 |
commit | 3206caded81ad9bdb2e7ff4c0b94ec5913df8618 (patch) | |
tree | 571af47f0aabf798126bcff7ac8650b2f8dac99e /net/bridge | |
parent | 511040eea2234d9add3f33ba0e6c2e17944fdfb6 (diff) | |
download | linux-3206caded81ad9bdb2e7ff4c0b94ec5913df8618.tar.xz |
netfilter: nft_hash: support of symmetric hash
This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.
For this purpose, the __skb_get_hash_symmetric() is used to
identify the flow as it uses FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL
flag by default.
The new attribute NFTA_HASH_TYPE has been included to support
different types of hashing functions. Currently supported
NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash.
The main difference between both types are:
- jhash requires an expression with sreg, symhash doesn't.
- symhash supports modulus and offset, but not seed.
Examples:
nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2
nft add rule ip nat prerouting ct mark set symhash mod 2
By default, jenkins hash will be used if no hash type is
provided for compatibility reasons.
Signed-off-by: Laura Garcia Liebana <laura.garcia@zevenet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge')
0 files changed, 0 insertions, 0 deletions