From: Oliver Fromme
To: freebsd-net@FreeBSD.ORG
Date: Wed, 15 Nov 2006 12:54:10 +0100 (CET)
Subject: Re: ipv6 connection hash function wanted ...
Message-Id: <200611151154.kAFBsAXT091995@lurza.secnetix.de>
In-Reply-To: <200611142020.53178.max@love2party.net>

Max Laier wrote:
 > David Malone wrote:
 > > Assuming you don't want to use one of the standard cryptographic
 > > ones (which I can imagine being a bit slow for something done
 > > per-packet), then one option might be to use a simpler hash that
 > > is keyed. Choose the key at boot/module load time and make it hard
 > > to produce collisions unless you know the key.
 >
 > That's exactly what I am looking for ... now I need someone[tm] - with
 > better Math-Knowledge than mine - to write such a thing down in a simple
 > formula :-) i.e. take those bits from there and there and XOR them with
 > your canary yada-yada-yada ...

In that case, simply use crc32 (available from libkern.h) and xor
with a random key generated at boot time. crc32 is fast to calculate
and has the properties that you need.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Perl will consistently give you what you want,
unless what you want is consistency."
        -- Larry Wall
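
The suggestion in the reply above, implemented as an added example (not code from the thread or from FreeBSD) together with a check of the quoted requirement that collisions be hard to produce without the key: it counts flow pairs that share a bucket under one key and tests whether a second key separates any of them. `crc32_buf`, `rekey_separated`, the 256-bucket table, the key values and the sample tuples are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define NBUCKETS 256u  /* assumed power-of-two table size */
#define NFLOWS   1024u /* number of constructed sample flows */

/* Bitwise CRC-32 (poly 0xEDB88320): userland stand-in for the kernel routine. */
static uint32_t crc32_buf(const uint8_t *p, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* The suggestion in the message: CRC-32 of the tuple XOR a boot-time key. */
static uint32_t keyed_hash(const uint8_t *tuple, size_t len, uint32_t key)
{
    return crc32_buf(tuple, len) ^ key;
}

/* Returns how many flow pairs share a bucket under ka but not under kb;
 * *colliding gets the number of pairs that share a bucket under ka. */
static unsigned rekey_separated(uint32_t ka, uint32_t kb, unsigned *colliding)
{
    static uint32_t ha[NFLOWS], hb[NFLOWS];
    uint8_t t[36] = { 0x20, 0x01, 0x0d, 0xb8 }; /* constructed tuple, rest zero */
    unsigned separated = 0;
    *colliding = 0;
    for (uint32_t i = 0; i < NFLOWS; i++) {
        t[14] = (uint8_t)(i >> 8); t[15] = (uint8_t)i; /* vary source host bits */
        ha[i] = keyed_hash(t, sizeof t, ka) % NBUCKETS;
        hb[i] = keyed_hash(t, sizeof t, kb) % NBUCKETS;
    }
    for (uint32_t i = 0; i < NFLOWS; i++)
        for (uint32_t j = i + 1; j < NFLOWS; j++)
            if (ha[i] == ha[j]) {
                (*colliding)++;
                separated += (hb[i] != hb[j]);
            }
    return separated;
}

int main(void)
{
    unsigned c, s = rekey_separated(0x12345678u, 0x9e3779b9u, &c);
    printf("%u colliding pairs, %u separated by rekeying\n", c, s);
}
```

Because the key is XORed onto the finished CRC, two tuples share a bucket exactly when their CRC values agree in the bucket bits, so the separated count is 0 for any pair of keys even though every individual hash value changes with the key.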