author | Liping Zhang <zlpnobody@gmail.com> | 2017-04-03 04:34:38 -0400 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-13 17:20:13 -0400 |
commit | 79e09ef96b6a5fb888f5241f3aa707e9ad0b1cce (patch) | |
tree | e71a4bd57d30a74c541e24983db101c3b9dd2403 | |
parent | 7cddd967bfc2e4fc6b3218c2ddc67fbeed433ad3 (diff) |
netfilter: nft_hash: do not dump the auto generated seed
This can prevent the nft utility from printing out the auto generated
seed to the user, which is unnecessary and confusing.
Fixes: cb1b69b0b15b ("netfilter: nf_tables: add hash expression")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/nft_hash.c | 10 |
1 files changed, 7 insertions, 3 deletions
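--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -21,6 +21,7 @@ struct nft_hash {
 enum nft_registers sreg:8;
 enum nft_registers dreg:8;
 u8 len;
+bool autogen_seed:1;
 u32 modulus;
 u32 seed;
 u32 offset;
@@ -82,10 +83,12 @@ static int nft_hash_init(const struct nft_ctx *ctx,
 if (priv->offset + priv->modulus - 1 < priv->offset)
 return -EOVERFLOW;
 
-if (tb[NFTA_HASH_SEED])
+if (tb[NFTA_HASH_SEED]) {
 priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
-else
+} else {
+priv->autogen_seed = true;
 get_random_bytes(&priv->seed, sizeof(priv->seed));
+}
 
 return nft_validate_register_load(priv->sreg, len) &&
 nft_validate_register_store(ctx, priv->dreg, NULL,
@@ -105,7 +108,8 @@ static int nft_hash_dump(struct sk_buff *skb,
 goto nla_put_failure;
 if (nla_put_be32(skb, NFTA_HASH_MODULUS, htonl(priv->modulus)))
 goto nla_put_failure;
-if (nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
+if (!priv->autogen_seed &&
+nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
 goto nla_put_failure;
 if (priv->offset != 0)
 if (nla_put_be32(skb, NFTA_HASH_OFFSET, htonl(priv->offset)))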