netfilter: nat: include zone id in nat table hash again

/* We keep an extra hash for each conntrack, for fast searching. */

static unsigned int

hash_by_src(const struct net *n, const struct nf_conntrack_tuple *tuple)

hash_by_src(const struct net *net,

	    const struct nf_conntrack_zone *zone,

	    const struct nf_conntrack_tuple *tuple)

{

	unsigned int hash;

	struct {

		struct nf_conntrack_man src;

		u32 net_mix;

		u32 protonum;

		u32 zone;

	} __aligned(SIPHASH_ALIGNMENT) combined;

	get_random_once(&nf_nat_hash_rnd, sizeof(nf_nat_hash_rnd));

	/* Original src, to ensure we map it consistently if poss. */

	combined.src = tuple->src;

	combined.net_mix = net_hash_mix(n);

	combined.net_mix = net_hash_mix(net);

	combined.protonum = tuple->dst.protonum;

	/* Zone ID can be used provided its valid for both directions */

	if (zone->dir == NF_CT_DEFAULT_ZONE_DIR)

		combined.zone = zone->id;

	hash = siphash(&combined, sizeof(combined), &nf_nat_hash_rnd);

	return reciprocal_scale(hash, nf_nat_htable_size);

		     struct nf_conntrack_tuple *result,

		     const struct nf_nat_range2 *range)

{

	unsigned int h = hash_by_src(net, tuple);

	unsigned int h = hash_by_src(net, zone, tuple);

	const struct nf_conn *ct;

	hlist_for_each_entry_rcu(ct, &nf_nat_bysource[h], nat_bysource) {

		unsigned int srchash;

		spinlock_t *lock;

		srchash = hash_by_src(net,

		srchash = hash_by_src(net, nf_ct_zone(ct),

				      &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);

		lock = &nf_nat_locks[srchash % CONNTRACK_LOCKS];

		spin_lock_bh(lock);

{

	unsigned int h;

	h = hash_by_src(nf_ct_net(ct), &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);

	h = hash_by_src(nf_ct_net(ct), nf_ct_zone(ct), &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);

	spin_lock_bh(&nf_nat_locks[h % CONNTRACK_LOCKS]);

	hlist_del_rcu(&ct->nat_bysource);

	spin_unlock_bh(&nf_nat_locks[h % CONNTRACK_LOCKS]);