diff options
| author | Laura Garcia Liebana <nevola@gmail.com> | 2017-03-02 17:00:14 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-03-06 17:57:42 +0100 |
| commit | 3206caded81ad9bdb2e7ff4c0b94ec5913df8618 (patch) | |
| tree | 571af47f0aabf798126bcff7ac8650b2f8dac99e /net/bridge/netfilter | |
| parent | 511040eea2234d9add3f33ba0e6c2e17944fdfb6 (diff) | |
netfilter: nft_hash: support of symmetric hash
This patch provides symmetric hash support according to source
ip address and port, and destination ip address and port.
For this purpose, the __skb_get_hash_symmetric() is used to
identify the flow as it uses FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL
flag by default.
The new attribute NFTA_HASH_TYPE has been included to support
different types of hashing functions. Currently supported
NFT_HASH_JENKINS through jhash and NFT_HASH_SYM through symhash.
The main difference between both types are:
- jhash requires an expression with sreg, symhash doesn't.
- symhash supports modulus and offset, but not seed.
Examples:
nft add rule ip nat prerouting ct mark set jhash ip saddr mod 2
nft add rule ip nat prerouting ct mark set symhash mod 2
By default, jenkins hash will be used if no hash type is
provided for compatibility reasons.
Signed-off-by: Laura Garcia Liebana <laura.garcia@zevenet.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge/netfilter')
0 files changed, 0 insertions, 0 deletions