ipv6 connection hash function wanted ...
- From: Max Laier <max@xxxxxxxxxxxxxx>
- Date: Tue, 14 Nov 2006 17:09:20 +0100
Hello,
this one is something for people who know their math.
Input: 2x128bit of address (lower ~80bit selectable by user) and 2x16bit
of ports (more or less selectable by user). Note that the "flow_id" is
not useable as several broken stack implementations do not set it
consistently - and it is user settable as well.
Output: "int" hash value - by default we use the lower 8bit of it.
Problems: Most of the input can be selected by a user meaning it is easy
to produce collisions. For legal connections, the lower 64bit are the
one with the highest entropy - in fact the upper 64bit might be the same
for many connections coming from/going to the same subnet. This function
will be used for every packet that is passed to a dynamic IPFW rule, so
efficiency is a concern.
Any ideas? Any papers that deal with this problem?
ref: sys/netinet/ip_fw2.c::hash_packet6
--
/"\ Best regards, | mlaier@xxxxxxxxxxx
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
Attachment:
pgpVDhICq4phZ.pgp
Description: PGP signature
- Follow-Ups:
- Re: ipv6 connection hash function wanted ...
- From: David Malone
- Re: ipv6 connection hash function wanted ...
- From: Andrew
- Re: ipv6 connection hash function wanted ...
- From: Paul Twohey
- Re: ipv6 connection hash function wanted ...
- Prev by Date: Re: Proposed 6.2 em RELEASE patch
- Next by Date: Re: ipv6 connection hash function wanted ...
- Previous by thread: fxp going quiescent in current
- Next by thread: Re: ipv6 connection hash function wanted ...
- Index(es):
Relevant Pages
|
|
