From owner-freebsd-bugs@freebsd.org Mon May 15 21:02:58 2017 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B1FF2D6EBAF for ; Mon, 15 May 2017 21:02:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 823D461E for ; Mon, 15 May 2017 21:02:58 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v4FL2wcj028177 for ; Mon, 15 May 2017 21:02:58 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 217618] Enhance hash function in ip_fw_table_algo.c for flow:hash Date: Mon, 15 May 2017 21:02:58 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-STABLE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: lutz@donnerhacke.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 May 2017 21:02:58 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217618 --- Comment #3 from lutz@donnerhacke.de --- The patch is wrong. It does include too much fields from the record, especi= ally nonstatic ones (e.next) or unknown ones (e.value). The following patch runs ins a production environment. --- sys/netpfil/ipfw/ip_fw_table_algo.c (revision 314807) +++ sys/netpfil/ipfw/ip_fw_table_algo.c (working copy) @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include @@ -3158,30 +3171,35 @@ return (0); } +#define UPDATE_CRC(c, x) c =3D calculate_crc32c(c, (const char*)&(x), sizeof(x)) static __inline uint32_t hash_flow4(struct fhashentry4 *f, int hsize) { - uint32_t i; + uint32_t i =3D ~0u; + + UPDATE_CRC(i, f->sip); + UPDATE_CRC(i, f->dip); + UPDATE_CRC(i, f->e.sport); + UPDATE_CRC(i, f->e.dport); + UPDATE_CRC(i, f->e.proto); - i =3D (f->dip.s_addr) ^ (f->sip.s_addr) ^ (f->e.dport) ^ (f->e.spor= t); - - return (i % (hsize - 1)); + return ((~i) % (hsize - 1)); } static __inline uint32_t hash_flow6(struct fhashentry6 *f, int hsize) { - uint32_t i; + uint32_t i =3D ~0u; + + UPDATE_CRC(i, f->sip6); + UPDATE_CRC(i, f->dip6); + UPDATE_CRC(i, f->e.sport); + UPDATE_CRC(i, f->e.dport); + UPDATE_CRC(i, f->e.proto); - i =3D (f->dip6.__u6_addr.__u6_addr32[2]) ^ - (f->dip6.__u6_addr.__u6_addr32[3]) ^ - (f->sip6.__u6_addr.__u6_addr32[2]) ^ - (f->sip6.__u6_addr.__u6_addr32[3]) ^ - (f->e.dport) ^ (f->e.sport); - - return (i % (hsize - 1)); + return ((~i) % (hsize - 1)); } - +#undef UPDATE_CRC static uint32_t hash_flow_ent(struct fhashentry *ent, uint32_t size) { --=20 You are receiving this mail because: You are the assignee for the bug.=