From owner-svn-src-projects@FreeBSD.ORG Wed Sep 5 04:50:21 2012 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9807B106564A; Wed, 5 Sep 2012 04:50:21 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 6ACDF8FC0C; Wed, 5 Sep 2012 04:50:21 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q854oLtM075977; Wed, 5 Sep 2012 04:50:21 GMT (envelope-from glebius@svn.freebsd.org) Received: (from glebius@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q854oL7J075975; Wed, 5 Sep 2012 04:50:21 GMT (envelope-from glebius@svn.freebsd.org) Message-Id: <201209050450.q854oL7J075975@svn.freebsd.org> From: Gleb Smirnoff Date: Wed, 5 Sep 2012 04:50:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r240125 - projects/pf/head/sys/contrib/pf/net X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2012 04:50:21 -0000 Author: glebius Date: Wed Sep 5 04:50:20 2012 New Revision: 240125 URL: http://svn.freebsd.org/changeset/base/240125 Log: Use Jenkins's hash with random seed for pf keys. Modified: projects/pf/head/sys/contrib/pf/net/pf.c Modified: projects/pf/head/sys/contrib/pf/net/pf.c ==============================================================================
--- projects/pf/head/sys/contrib/pf/net/pf.c Wed Sep 5 02:26:13 2012 (r240124)
+++ projects/pf/head/sys/contrib/pf/net/pf.c Wed Sep 5 04:50:20 2012 (r240125)
@@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -395,57 +396,17 @@ SYSCTL_VNET_UINT(_net_pf, OID_AUTO, sour
 VNET_DEFINE(void *, pf_swi_cookie);
-/*
- * Hash function shamelessly taken from ng_netflow(4), trusting
- * mav@ and melifaro@ data on its decent distribution.
- */
-static __inline u_int
+VNET_DEFINE(uint32_t, pf_hashseed);
+#define V_pf_hashseed VNET(pf_hashseed)
+
+static __inline uint32_t
 pf_hashkey(struct pf_state_key *sk)
 {
- u_int h;
+ uint32_t h;
-#define FULL_HASH(a1, a2, p1, p2) \
- (((a1) ^ ((a1) >> 16) ^ \
- htons((a2) ^ ((a2) >> 16))) ^ \
- (p1) ^ htons(p2))
-
-#define ADDR_HASH(a1, a2) \
- ((a1) ^ ((a1) >> 16) ^ \
- htons((a2) ^ ((a2) >> 16)))
-
- switch (sk->af) {
- case AF_INET:
- switch (sk->proto) {
- case IPPROTO_TCP:
- case IPPROTO_UDP:
- h = FULL_HASH(sk->addr[0].v4.s_addr,
- sk->addr[1].v4.s_addr, sk->port[0], sk->port[1]);
- break;
- default:
- h = ADDR_HASH(sk->addr[0].v4.s_addr,
- sk->addr[1].v4.s_addr);
- break;
- }
- break;
- case AF_INET6:
- switch (sk->proto) {
- case IPPROTO_TCP:
- case IPPROTO_UDP:
- h = FULL_HASH(sk->addr[0].v6.__u6_addr.__u6_addr32[3],
- sk->addr[1].v6.__u6_addr.__u6_addr32[3],
- sk->port[0], sk->port[1]);
- break;
- default:
- h = ADDR_HASH(sk->addr[0].v6.__u6_addr.__u6_addr32[3],
- sk->addr[1].v6.__u6_addr.__u6_addr32[3]);
- break;
- }
- break;
- default:
- panic("%s: unknown address family %u", __func__, sk->af);
- }
-#undef FULL_HASH
-#undef ADDR_HASH
+ h = jenkins_hash32((uint32_t *)sk,
+ sizeof(struct pf_state_key_cmp)/sizeof(uint32_t),
+ V_pf_hashseed);
 return (h & V_pf_hashmask);
 }
@@ -733,6 +694,8 @@ pf_initialize()
 if (V_pf_srchashsize == 0 || !powerof2(V_pf_srchashsize))
 V_pf_srchashsize = PF_HASHSIZ / 4;
+ V_pf_hashseed = arc4random();
+
 /* States and state keys storage. */
 V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_state), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
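Review bot: In the second hunk, the new `jenkins_hash32((uint32_t *)sk, sizeof(struct pf_state_key_cmp)/sizeof(uint32_t), V_pf_hashseed)` call in pf_hashkey() hashes the raw leading bytes of the key, and nothing here checks the layout assumptions that makes. It is only correct if `struct pf_state_key_cmp` is a prefix of `struct pf_state_key`, its size is a multiple of 4 (the integer division otherwise drops trailing bytes silently), and it holds no padding or unused address bytes left uninitialised, since otherwise two equal keys can land in different buckets and lookups miss. I would add `CTASSERT(sizeof(struct pf_state_key_cmp) % sizeof(uint32_t) == 0);` beside the function and a comment such as `/* Hashes raw key bytes: a key must be zeroed before it is filled in. */`. The struct definitions and the places that build keys are outside this hunk, so whether they already zero the whole key (including the unused part of an IPv4 address slot) needs confirming.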
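Review bot: In the third hunk, `V_pf_hashseed = arc4random();` in pf_initialize() carries no comment on why the seed exists or on its lifetime rule, which the next maintainer needs in order not to reseed a live table. I would put `/* Random per-vnet seed so bucket placement cannot be predicted from packet headers; set once before any state is inserted, never changed while states exist. */` above it. The seed is 32 bits and jenkins_hash32 is a non-cryptographic hash whose result is then masked with V_pf_hashmask, so this raises the cost of targeted bucket collisions rather than excluding them, and bucket chain lengths remain worth monitoring. pf_initialize() begins and ends outside this hunk.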