Date: Sun, 4 May 2003 17:27:53 -0400 From: Barney Wolff <barney@pit.databus.com> To: mark tinguely <tinguely@web.cs.ndsu.nodak.edu> Cc: net@freebsd.org Subject: Re: Reducing ip_id information leakage Message-ID: <20030504212753.GA21240@pit.databus.com> In-Reply-To: <200305041750.h44HoBbo077630@web.cs.ndsu.nodak.edu> References: <200305041750.h44HoBbo077630@web.cs.ndsu.nodak.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, May 04, 2003 at 12:50:11PM -0500, mark tinguely wrote: > Less global (think per interface, or per source/destination/port as mentioned > that is done in Solaris). Nit: you can't use port, as that will not appear in the frags and you can't afford collision. If I were writing the code, I'd do a very fast hash on src/dst/proto into say 8-10 bits, keep 256-1024 counters, and let it go at that. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030504212753.GA21240>