Hi Laura,
2016-08-10 2:22 GMT+08:00 Laura Garcia Liebana <nevola@xxxxxxxxx>:
> This patch adds a new hash expression, this provides jhash support but
> this can be extended to support for other hash functions.
>
> The modulus and seed already comes embedded into this new expression.
>
> Use case example:
> meta mark set hash ip saddr mod 10
>
> +static int nft_hash_init(const struct nft_ctx *ctx,
> + const struct nft_expr *expr,
> + const struct nlattr * const tb[])
> +{
> + struct nft_hash *priv = nft_expr_priv(expr);
> + u32 len;
> +
> + if (!tb[NFTA_HASH_SREG] ||
> + !tb[NFTA_HASH_DREG] ||
> + !tb[NFTA_HASH_LEN])
> + return -EINVAL;
I think tb[NFTA_HASH_MODULUS] and tb[NFTA_HASH_SEED] should also be
checked is NULL or not? :)
> +
> + priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]);
> + priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
Should we use nft_validate_register_load and
nft_validate_register_store here to check the validity ?
> +
> + len = ntohl(nla_get_be32(tb[NFTA_HASH_LEN]));
> + if (len == 0 || len > U8_MAX)
> + return -EINVAL;
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
