mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-24 11:29:10 +00:00
0e5f55bb95
I edited the original change to retain the use of arc4random() as a seed for the hashing as a very basic defense against intentional lagg port selection. The author's original commit message (edited slightly): sys/net/ieee8023ad_lacp.c sys/net/if_lagg.c In lagg_hashmbuf, use the FNV hash instead of the old hash32_buf. The hash32 family of functions operate one octet at a time, and when run on a string s of length n, their output is equivalent to : ----- i=n-1 \ n \ (n-i-1) 32 ( seed^ + / 33^ * s[i] ) % 2^ / ----- i=0 The problem is that the last five bytes of input don't get multiplied by sufficiently many powers of 33 to rollover 2^32. That means that changing the last few bytes (but obviously not the very last) of input will always change the value of the hash by a multiple of 33. In the case of lagg_hashmbuf() with ipv4 input, the last four bytes are the TCP or UDP port numbers. Since the output of lagg_hashmbuf is always taken modulo the port count, and 3 is a common port count for a lagg, that's bad. It means that the UDP or TCP source port will never affect which lagg member is selected on a 3-port lagg. At 10Gbps, I was not able to measure any difference in CPU consumption between the old and new hash. Submitted by: asomers (original commit) Reviewed by: emaste, glebius MFC after: 1 week Sponsored by: Spectra Logic MFSpectraBSD: 1001723 on 2013/08/28 (original) 1114258 on 2015/01/22 (edit) |
||
---|---|---|
.. | ||
bpf_buffer.c | ||
bpf_buffer.h | ||
bpf_filter.c | ||
bpf_jitter.c | ||
bpf_jitter.h | ||
bpf_zerocopy.c | ||
bpf_zerocopy.h | ||
bpf.c | ||
bpf.h | ||
bpfdesc.h | ||
bridgestp.c | ||
bridgestp.h | ||
ethernet.h | ||
fddi.h | ||
firewire.h | ||
flowtable.c | ||
flowtable.h | ||
ieee8023ad_lacp.c | ||
ieee8023ad_lacp.h | ||
ieee_oui.h | ||
if_arc.h | ||
if_arcsubr.c | ||
if_arp.h | ||
if_atm.h | ||
if_atmsubr.c | ||
if_bridge.c | ||
if_bridgevar.h | ||
if_clone.c | ||
if_clone.h | ||
if_dead.c | ||
if_debug.c | ||
if_disc.c | ||
if_dl.h | ||
if_edsc.c | ||
if_enc.c | ||
if_enc.h | ||
if_epair.c | ||
if_ethersubr.c | ||
if_fddisubr.c | ||
if_fwsubr.c | ||
if_gif.c | ||
if_gif.h | ||
if_gre.c | ||
if_gre.h | ||
if_iso88025subr.c | ||
if_lagg.c | ||
if_lagg.h | ||
if_llatbl.c | ||
if_llatbl.h | ||
if_llc.h | ||
if_loop.c | ||
if_me.c | ||
if_media.c | ||
if_media.h | ||
if_mib.c | ||
if_mib.h | ||
if_pflog.h | ||
if_pfsync.h | ||
if_sppp.h | ||
if_spppfr.c | ||
if_spppsubr.c | ||
if_stf.c | ||
if_tap.c | ||
if_tap.h | ||
if_tapvar.h | ||
if_tun.c | ||
if_tun.h | ||
if_types.h | ||
if_var.h | ||
if_vlan_var.h | ||
if_vlan.c | ||
if_vxlan.c | ||
if_vxlan.h | ||
if.c | ||
if.h | ||
ifq.h | ||
iso88025.h | ||
netisr_internal.h | ||
netisr.c | ||
netisr.h | ||
netmap_user.h | ||
netmap.h | ||
paravirt.h | ||
pfil.c | ||
pfil.h | ||
pfkeyv2.h | ||
pfvar.h | ||
ppp_defs.h | ||
radix_mpath.c | ||
radix_mpath.h | ||
radix.c | ||
radix.h | ||
raw_cb.c | ||
raw_cb.h | ||
raw_usrreq.c | ||
route.c | ||
route.h | ||
rss_config.c | ||
rss_config.h | ||
rtsock.c | ||
sff8436.h | ||
sff8472.h | ||
slcompress.c | ||
slcompress.h | ||
toeplitz.c | ||
toeplitz.h | ||
vnet.c | ||
vnet.h | ||
zlib.c | ||
zlib.h | ||
zutil.h |