| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Mar 2015 19:53:15 -0400 (EDT) From: David Miller <davem@...emloft.net> To: herbert@...dor.apana.org.au Cc: netdev@...r.kernel.org, roland@...estorage.com Subject: Re: arp_hash From: Herbert Xu <herbert@...dor.apana.org.au> Date: Mon, 23 Mar 2015 10:42:18 +1100 > On Sun, Mar 22, 2015 at 06:57:14PM -0400, David Miller wrote: >> From: Herbert Xu <herbert@...dor.apana.org.au> >> Date: Mon, 23 Mar 2015 08:34:08 +1100 >> >> > So what scales we are talking about, twice, three times? Have you >> > considered more modern hashes such as SipHash or SpookyHash >> > (successor to jhash/lookup3 and supposedly faster)? >> >> I want it to be one cycle or two. >> >> Every single transmitted packet hits this hash demux. > > For hosts can we cache this? For routers I guess this is just > the mummified remains of the route cache :) We want no reference counting of the neighbour entries, that's one of the main points of all this. That way packets getting stuck do not run into the classic dreaded "Neighbour table overflow", remember that? THAT is what is attackable when people have /8 subnets and someone just spam pings every host on that subnet. That is a more serious exposure than this hashing issue. At least with ref-less use, as we have now, we could trim hash chains that get too large with almost no barriers whatsoever because nearly every neigh entry has no external references outside of these demux sequences. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists