Commit 79e09ef9 authored by Liping Zhang's avatar Liping Zhang Committed by Pablo Neira Ayuso

netfilter: nft_hash: do not dump the auto generated seed

This can prevent the nft utility from printing out the auto generated
seed to the user, which is unnecessary and confusing.

Fixes: cb1b69b0 ("netfilter: nf_tables: add hash expression")
Signed-off-by: default avatarLiping Zhang <zlpnobody@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 7cddd967
...@@ -21,6 +21,7 @@ struct nft_hash { ...@@ -21,6 +21,7 @@ struct nft_hash {
enum nft_registers sreg:8; enum nft_registers sreg:8;
enum nft_registers dreg:8; enum nft_registers dreg:8;
u8 len; u8 len;
bool autogen_seed:1;
u32 modulus; u32 modulus;
u32 seed; u32 seed;
u32 offset; u32 offset;
...@@ -82,10 +83,12 @@ static int nft_hash_init(const struct nft_ctx *ctx, ...@@ -82,10 +83,12 @@ static int nft_hash_init(const struct nft_ctx *ctx,
if (priv->offset + priv->modulus - 1 < priv->offset) if (priv->offset + priv->modulus - 1 < priv->offset)
return -EOVERFLOW; return -EOVERFLOW;
if (tb[NFTA_HASH_SEED]) if (tb[NFTA_HASH_SEED]) {
priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED])); priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
else } else {
priv->autogen_seed = true;
get_random_bytes(&priv->seed, sizeof(priv->seed)); get_random_bytes(&priv->seed, sizeof(priv->seed));
}
return nft_validate_register_load(priv->sreg, len) && return nft_validate_register_load(priv->sreg, len) &&
nft_validate_register_store(ctx, priv->dreg, NULL, nft_validate_register_store(ctx, priv->dreg, NULL,
...@@ -105,7 +108,8 @@ static int nft_hash_dump(struct sk_buff *skb, ...@@ -105,7 +108,8 @@ static int nft_hash_dump(struct sk_buff *skb,
goto nla_put_failure; goto nla_put_failure;
if (nla_put_be32(skb, NFTA_HASH_MODULUS, htonl(priv->modulus))) if (nla_put_be32(skb, NFTA_HASH_MODULUS, htonl(priv->modulus)))
goto nla_put_failure; goto nla_put_failure;
if (nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed))) if (!priv->autogen_seed &&
nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
goto nla_put_failure; goto nla_put_failure;
if (priv->offset != 0) if (priv->offset != 0)
if (nla_put_be32(skb, NFTA_HASH_OFFSET, htonl(priv->offset))) if (nla_put_be32(skb, NFTA_HASH_OFFSET, htonl(priv->offset)))
......
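Review bot: The new `autogen_seed` bit in `struct nft_hash` carries no comment, and its effect on the dump path in `nft_hash_dump` is not obvious from the field name alone. Because `NFTA_HASH_SEED` is now omitted for generated seeds, a ruleset that is listed and loaded again takes the `else` branch in `nft_hash_init` and gets a fresh random seed, so hash results will differ after a restore. I would record that on the field, e.g. `/* seed came from get_random_bytes(), not userspace: never dumped, regenerated on reload */`. The flag is only ever assigned `true`, so the explicit-seed path presumably relies on `priv` arriving zeroed from the allocator, which is not visible in these hunks. Both function bodies continue outside the hunks shown.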