| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 05 Aug 2009 12:08:31 -0700 (PDT) From: David Miller <davem@...emloft.net> To: joamaki@...il.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH] xfrm: xfrm hash to use Jenkins' hash From: Jussi Mäki <joamaki@...il.com> Date: Wed, 5 Aug 2009 10:41:42 +0300 > Hi, > > The current xfrm hash functions perform very poorly when a number of > policies have the same > last byte in source and destination addresses. > > For example with __xfrm_dst_hash, hmask of 0xfff: > > 192.168.0.1-172.16.0.1 hashes to 3258 > 192.168.0.2-172.16.0.2 hashes to 3258 > ... and so on. > > This patch addresses the issue by rewriting the xfrm > hash functions to use the Jenkins' hash function. > > Signed-off-by: Jussi Maki <joamaki@...il.com> jhash expands to a lot of code, and given your description of the problem, you could have fixed it by adding 2 instructions (see below) instead of 20 or 30 (jhash instruction count) at every hash calculation site. Simply change every instance of: (h >> 16) with ((h >> 16) ^ (h >> 24)) As much as I love jhash, it's overkill for fixing this problem. And if we do end up using jhash, it should get inlined into a seperate non-inline function instead of expanding that monster 4 or 5 times throughout the XFRM code. I'm not applying this, either make the simple one-liner fix I suggested above work or move the jhash into a non-inline expansion. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists