Date:      Sun, 4 May 2003 17:27:53 -0400
From:      Barney Wolff <barney@pit.databus.com>
To:        mark tinguely <tinguely@web.cs.ndsu.nodak.edu>
Cc:        net@freebsd.org
Subject:   Re: Reducing ip_id information leakage
Message-ID:  <20030504212753.GA21240@pit.databus.com>
In-Reply-To: <200305041750.h44HoBbo077630@web.cs.ndsu.nodak.edu>
References:  <200305041750.h44HoBbo077630@web.cs.ndsu.nodak.edu>

On Sun, May 04, 2003 at 12:50:11PM -0500, mark tinguely wrote:
> Less global (think per interface, or per source/destination/port as mentioned
> that is done in Solaris).

Nit: you can't use port, as that will not appear in the frags and you
can't afford collision.

If I were writing the code, I'd do a very fast hash on src/dst/proto
into say 8-10 bits, keep 256-1024 counters, and let it go at that.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
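
Added example, not part of the original message and not FreeBSD code: the scheme proposed above (hash src/dst/proto into 10 bits, one ip_id counter per bucket) written out in C. The mixer, the function names and the documentation-range addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IPID_HASH_BITS 10                      /* the message suggests 8-10 bits */
#define IPID_BUCKETS   (1u << IPID_HASH_BITS)  /* 1024 counters */

/* One 16-bit counter per bucket. They start at zero only to keep this
 * demo deterministic; how to seed them is not covered by the message. */
static uint16_t ipid_counters[IPID_BUCKETS];

/* Hypothetical mixer (assumption: the message names no hash function).
 * The key is src/dst/proto only. Ports are absent from non-first
 * fragments, and every datagram sharing the reassembly key
 * (src, dst, proto, id) must draw from the same counter, so two of
 * them cannot be handed the same id until that counter wraps. */
static uint32_t ipid_bucket(uint32_t src, uint32_t dst, uint8_t proto)
{
    uint32_t h = src * 0x9E3779B1u;
    h ^= dst ^ ((uint32_t)proto << 24);
    h ^= h >> 16;
    h *= 0x85EBCA6Bu;
    return h >> (32 - IPID_HASH_BITS);         /* keep the top 10 bits */
}

/* Return the id for the next datagram of this src/dst/proto tuple. */
static uint16_t ipid_next(uint32_t src, uint32_t dst, uint8_t proto)
{
    return ipid_counters[ipid_bucket(src, dst, proto)]++;
}

int main(void)
{
    const uint32_t host = 0xC0000201u;  /* 192.0.2.1, constructed */
    const uint32_t obs  = 0xC6336407u;  /* 198.51.100.7, the observer */
    const uint32_t peer = 0xCB007109u;  /* 203.0.113.9, unrelated peer */

    printf("to observer: id=%u\n", (unsigned)ipid_next(host, obs, 17));
    for (int i = 0; i < 100; i++)       /* traffic the observer should not see */
        (void)ipid_next(host, peer, 6);
    /* A single global counter would jump by 101 here; with per-bucket
     * counters the observer sees a step of 1 unless the buckets collide. */
    printf("to observer: id=%u\n", (unsigned)ipid_next(host, obs, 17));
    return 0;
}
```

With 1024 buckets, unrelated tuples still share a counter now and then, so the observer's view is reduced rather than eliminated.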


