ipv6 connection hash function wanted ...
Max Laier
max at love2party.net
Tue Nov 14 16:20:24 UTC 2006
Hello,
this one is something for people who know their math.
Input: 2x128bit of address (lower ~80bit selectable by user) and 2x16bit
of ports (more or less selectable by user). Note that the "flow_id" is
not useable as several broken stack implementations do not set it
consistently - and it is user settable as well.
Output: "int" hash value - by default we use the lower 8bit of it.
Problems: Most of the input can be selected by a user meaning it is easy
to produce collisions. For legal connections, the lower 64bit are the
one with the highest entropy - in fact the upper 64bit might be the same
for many connections coming from/going to the same subnet. This function
will be used for every packet that is passed to a dynamic IPFW rule, so
efficiency is a concern.
Any ideas? Any papers that deal with this problem?
ref: sys/netinet/ip_fw2.c::hash_packet6
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20061114/8cd04efc/attachment.pgp
More information about the freebsd-net
mailing list