Re: ipv6 connection hash function wanted ...

Max Laier wrote:
David Malone wrote:
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be to use a simpler hash that
is keyed. Choose the key at boot/module load time and make it hard
to produce collisions unless you know the key.

That's exactly what I am looking for ... now I need someone[tm] - with
better Math-Knowledge than mine - to write such a thing down in a simple
formula :-) i.e. take those bits from there and there and XOR them with
your canary yada-yada-yada ...

In that case, simply use crc32 (available from libkern.h)
and xor with a random key generated at boot time. crc32
is fast to calculate and has the properties that you need.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Perl will consistently give you what you want,
unless what you want is consistency."
-- Larry Wall
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: ipv6 connection hash function wanted ...
    ... Choose the key at boot/module load time and make it hard ... simply use crc32 ... and xor with a random key generated at boot time. ... Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing ...
    (freebsd-net)
  • Re: ipv6 connection hash function wanted ...
    ... Choose the key at boot/module load time and make it hard ... simply use crc32 ... and xor with a random key generated at boot time. ... the hash function for dynamic rules must be commutative ...
    (freebsd-hackers)