1 files changed, 7 insertions, 3 deletions

diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index eb2721af898d..c4dad1254ead 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -21,6 +21,7 @@ struct nft_hash {
         enum nft_registers      sreg:8;
         enum nft_registers      dreg:8;
         u8                      len;
+        bool                    autogen_seed:1;
         u32                     modulus;
         u32                     seed;
         u32                     offset;
@@ -82,10 +83,12 @@ static int nft_hash_init(const struct nft_ctx *ctx,
         if (priv->offset + priv->modulus - 1 < priv->offset)
                 return -EOVERFLOW;
 
-        if (tb[NFTA_HASH_SEED])
+        if (tb[NFTA_HASH_SEED]) {
                 priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
-        else
+        } else {
+                priv->autogen_seed = true;
                 get_random_bytes(&priv->seed, sizeof(priv->seed));
+        }
 
         return nft_validate_register_load(priv->sreg, len) &&
                nft_validate_register_store(ctx, priv->dreg, NULL,
@@ -105,7 +108,8 @@ static int nft_hash_dump(struct sk_buff *skb,
                 goto nla_put_failure;
         if (nla_put_be32(skb, NFTA_HASH_MODULUS, htonl(priv->modulus)))
                 goto nla_put_failure;
-        if (nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
+        if (!priv->autogen_seed &&
+            nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
                 goto nla_put_failure;
         if (priv->offset != 0)
                 if (nla_put_be32(skb, NFTA_HASH_OFFSET, htonl(priv->offset)))