summaryrefslogtreecommitdiff
path: root/net/bridge
diff options
context:
space:
mode:
authorLaura Garcia Liebana <nevola@gmail.com>2017-03-02 19:00:14 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2017-03-06 19:57:42 +0300
commit3206caded81ad9bdb2e7ff4c0b94ec5913df8618 (patch)
tree571af47f0aabf798126bcff7ac8650b2f8dac99e /net/bridge
parent511040eea2234d9add3f33ba0e6c2e17944fdfb6 (diff)
downloadlinux-3206caded81ad9bdb2e7ff4c0b94ec5913df8618.tar.xz
netfilter: nft_hash: support of symmetric hash
This patch provides symmetric hash support according to source ip address and port, and destination ip address and port. For this purpose, the __skb_get_hash_symmetric() is used to identify the flow as it uses FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL flag by default. The new attribute NFTA_HASH_TYPE has been included to support different types of hashing functions. Currently supported NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash. The main difference between both types are: - jhash requires an expression with sreg, symhash doesn't. - symhash supports modulus and offset, but not seed. Examples: nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2 nft add rule ip nat prerouting ct mark set symhash mod 2 By default, jenkins hash will be used if no hash type is provided for compatibility reasons. Signed-off-by: Laura Garcia Liebana <laura.garcia@zevenet.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge')
0 files changed, 0 insertions, 0 deletions