search for: nft_hash_key

Displaying 1 result from an estimated 1 matches for "nft_hash_key".

2017 Oct 28
5
[Bug 1199] New: nft_set_hash fast lookup broken for 2 byte keys
...jor Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: makovick at gmail.com Hi, after an upgrade of the userspace nftables to v0.8, I found that my port sets suddenly stopped matching. After some searching, I tracked the issue down to nft_hash_key and nft_hash_lookup_fast - with v0.8, the kernel started preferring hashes instead of bitsets. nft_hash_lookup_fast uses jhash_1word, which always uses the hash initializer appropriate for keys of length == 4. This means it miscomputes the bucket location for 2-byte keys and the lookup fails. In a...