Date: Wed, 5 Sep 2012 04:50:21 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r240125 - projects/pf/head/sys/contrib/pf/net Message-ID: <201209050450.q854oL7J075975@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Wed Sep 5 04:50:20 2012 New Revision: 240125 URL: http://svn.freebsd.org/changeset/base/240125 Log: Use Jenkins's hash with random seed for pf keys. Modified: projects/pf/head/sys/contrib/pf/net/pf.c Modified: projects/pf/head/sys/contrib/pf/net/pf.c ============================================================================== --- projects/pf/head/sys/contrib/pf/net/pf.c Wed Sep 5 02:26:13 2012 (r240124) +++ projects/pf/head/sys/contrib/pf/net/pf.c Wed Sep 5 04:50:20 2012 (r240125) @@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$"); #include <sys/mbuf.h> #include <sys/interrupt.h> #include <sys/filio.h> +#include <sys/hash.h> #include <sys/socket.h> #include <sys/socketvar.h> #include <sys/kernel.h> @@ -395,57 +396,17 @@ SYSCTL_VNET_UINT(_net_pf, OID_AUTO, sour VNET_DEFINE(void *, pf_swi_cookie); -/* - * Hash function shamelessly taken from ng_netflow(4), trusting - * mav@ and melifaro@ data on its decent distribution. - */ -static __inline u_int +VNET_DEFINE(uint32_t, pf_hashseed); +#define V_pf_hashseed VNET(pf_hashseed) + +static __inline uint32_t pf_hashkey(struct pf_state_key *sk) { - u_int h; + uint32_t h; -#define FULL_HASH(a1, a2, p1, p2) \ - (((a1) ^ ((a1) >> 16) ^ \ - htons((a2) ^ ((a2) >> 16))) ^ \ - (p1) ^ htons(p2)) - -#define ADDR_HASH(a1, a2) \ - ((a1) ^ ((a1) >> 16) ^ \ - htons((a2) ^ ((a2) >> 16))) - - switch (sk->af) { - case AF_INET: - switch (sk->proto) { - case IPPROTO_TCP: - case IPPROTO_UDP: - h = FULL_HASH(sk->addr[0].v4.s_addr, - sk->addr[1].v4.s_addr, sk->port[0], sk->port[1]); - break; - default: - h = ADDR_HASH(sk->addr[0].v4.s_addr, - sk->addr[1].v4.s_addr); - break; - } - break; - case AF_INET6: - switch (sk->proto) { - case IPPROTO_TCP: - case IPPROTO_UDP: - h = FULL_HASH(sk->addr[0].v6.__u6_addr.__u6_addr32[3], - sk->addr[1].v6.__u6_addr.__u6_addr32[3], - sk->port[0], sk->port[1]); - break; - default: - h = ADDR_HASH(sk->addr[0].v6.__u6_addr.__u6_addr32[3], - sk->addr[1].v6.__u6_addr.__u6_addr32[3]); - break; - } - break; - default: - panic("%s: unknown address family %u", __func__, sk->af); - } -#undef FULL_HASH -#undef ADDR_HASH + h = jenkins_hash32((uint32_t *)sk, + sizeof(struct pf_state_key_cmp)/sizeof(uint32_t), + V_pf_hashseed); return (h & V_pf_hashmask); } @@ -733,6 +694,8 @@ pf_initialize() if (V_pf_srchashsize == 0 || !powerof2(V_pf_srchashsize)) V_pf_srchashsize = PF_HASHSIZ / 4; + V_pf_hashseed = arc4random(); + /* States and state keys storage. */ V_pf_state_z = uma_zcreate("pf states", sizeof(struct pf_state), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209050450.q854oL7J075975>