netfilter: nft_hash: do not dump the auto generated seed
This prevents the nft utility from printing the auto-generated
seed to the user, which is unnecessary and confusing.
Fixes: cb1b69b0b1
("netfilter: nf_tables: add hash expression")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
7cddd967bf
commit
79e09ef96b
1 changed files with 7 additions and 3 deletions
|
@ -21,6 +21,7 @@ struct nft_hash {
|
|||
enum nft_registers sreg:8;
|
||||
enum nft_registers dreg:8;
|
||||
u8 len;
|
||||
bool autogen_seed:1;
|
||||
u32 modulus;
|
||||
u32 seed;
|
||||
u32 offset;
|
||||
|
@ -82,10 +83,12 @@ static int nft_hash_init(const struct nft_ctx *ctx,
|
|||
if (priv->offset + priv->modulus - 1 < priv->offset)
|
||||
return -EOVERFLOW;
|
||||
|
||||
if (tb[NFTA_HASH_SEED])
|
||||
if (tb[NFTA_HASH_SEED]) {
|
||||
priv->seed = ntohl(nla_get_be32(tb[NFTA_HASH_SEED]));
|
||||
else
|
||||
} else {
|
||||
priv->autogen_seed = true;
|
||||
get_random_bytes(&priv->seed, sizeof(priv->seed));
|
||||
}
|
||||
|
||||
return nft_validate_register_load(priv->sreg, len) &&
|
||||
nft_validate_register_store(ctx, priv->dreg, NULL,
|
||||
|
@ -105,7 +108,8 @@ static int nft_hash_dump(struct sk_buff *skb,
|
|||
goto nla_put_failure;
|
||||
if (nla_put_be32(skb, NFTA_HASH_MODULUS, htonl(priv->modulus)))
|
||||
goto nla_put_failure;
|
||||
if (nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
|
||||
if (!priv->autogen_seed &&
|
||||
nla_put_be32(skb, NFTA_HASH_SEED, htonl(priv->seed)))
|
||||
goto nla_put_failure;
|
||||
if (priv->offset != 0)
|
||||
if (nla_put_be32(skb, NFTA_HASH_OFFSET, htonl(priv->offset)))
|
||||
|
|
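Review bot: The `return nft_validate_register_load(priv->sreg, len) && nft_validate_register_store(...)` at the end of the nft_hash_init hunk joins two validation results with `&&`, so the function can only return 0 or 1. If both helpers follow the 0-on-success / negative-errno convention of the `-EOVERFLOW` return just above (their definitions are not visible here), a failed check is reported as success whenever the other check passes, and a double failure returns 1 instead of an error code, so the register bounds would not be reliably enforced. Check each call in turn, e.g. `err = nft_validate_register_load(priv->sreg, len); if (err < 0) return err;`, and then return the store validation's result directly. The statement runs past the end of the hunk, and it is unchanged context rather than something this commit introduces.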