Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
08dbab2c
Commit
08dbab2c
authored
Jul 12, 2003
by
David S. Miller
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[IPV4]: Always use Jenkins hash in ipvs conn table, use get_random_bytes() to init key.
parent
3aa356fc
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
3 additions
and
70 deletions
+3
-70
net/ipv4/ipvs/Kconfig
net/ipv4/ipvs/Kconfig
+0
-52
net/ipv4/ipvs/ip_vs_conn.c
net/ipv4/ipvs/ip_vs_conn.c
+3
-18
No files found.
net/ipv4/ipvs/Kconfig
View file @
08dbab2c
...
@@ -62,58 +62,6 @@ config IP_VS_TAB_BITS
...
@@ -62,58 +62,6 @@ config IP_VS_TAB_BITS
each hash entry uses 8 bytes, so you can estimate how much memory is
each hash entry uses 8 bytes, so you can estimate how much memory is
needed for your box.
needed for your box.
choice
prompt "IPVS connection hash function"
default IP_VS_HASH_JENKINS
---help---
IPVS connection hash function is used to hash IPVS connection
entries. It takes the protocol, client address and port number
<proto, addr, port> (in network order) to compute hash key.
Here you need to choose a hash function to compute hash key.
The Jenkins hash is recommended by default.
config IP_VS_HASH_SHIFTXOR
bool "SHIFTXOR"
---help---
The SHIFTXOR hash function is to compute key in the following way:
key = ntohl(addr) + ip_vs_conn_rnd;
key ^= (key >> IP_VS_CONN_TAB_BITS);
key ^= (key >> 23);
key = proto ^ key ^ ntohs(port)) & IP_VS_CONN_TAB_MASK;
The random value ip_vs_conn_rnd is introduced to prevent from
hash attack.
config IP_VS_HASH_GOLDENRATIO
bool "GOLDENRATIO"
---help---
In Knuth's "The Art of Computer Programming", section 6.4, a
multiplicative hashing scheme is introduced as a way to write hash
function. The key is multiplied by the golden ratio of 2^32
(2654435761) to produce a hash result. Note that 2654435761 is
also a prime number.
The GOLDENRATIO hash function is to compute connection hash key
in the following way:
key = ip_vs_conn_rnd ^ (proto + addr + port);
key = ((key * 2654435761) >> (31 - IP_VS_CONN_TAB_BITS))
& IP_VS_CONN_TAB_MASK;
config IP_VS_HASH_JENKINS
bool "JENKINS"
---help---
The Jenkins hash support is included in the Linux kernel, the
header file is at linux/include/jhash.h. You can read the
http://burtleburtle.net/bob/hash/index.html for more information
about the Jenkins hash.
The Jenkins hash function is used to compute connection hash key
in the following way:
key = jhash_3words(addr, port, proto, ip_vs_conn_rnd)
& IP_VS_CONN_TAB_MASK;
endchoice
comment "IPVS transport protocol load balancing support"
comment "IPVS transport protocol load balancing support"
depends on IP_VS
depends on IP_VS
...
...
net/ipv4/ipvs/ip_vs_conn.c
View file @
08dbab2c
...
@@ -31,6 +31,7 @@
...
@@ -31,6 +31,7 @@
#include <linux/vmalloc.h>
#include <linux/vmalloc.h>
#include <linux/proc_fs.h>
/* for proc_net_* */
#include <linux/proc_fs.h>
/* for proc_net_* */
#include <linux/jhash.h>
#include <linux/jhash.h>
#include <linux/random.h>
#include <net/ip_vs.h>
#include <net/ip_vs.h>
...
@@ -112,24 +113,10 @@ static inline void ct_write_unlock_bh(unsigned key)
...
@@ -112,24 +113,10 @@ static inline void ct_write_unlock_bh(unsigned key)
/*
/*
* Returns hash value for IPVS connection entry
* Returns hash value for IPVS connection entry
*/
*/
static
inline
unsigned
static
unsigned
int
ip_vs_conn_hashkey
(
unsigned
proto
,
__u32
addr
,
__u16
port
)
ip_vs_conn_hashkey
(
unsigned
proto
,
__u32
addr
,
__u16
port
)
{
{
#ifdef CONFIG_IP_VS_HASH_SHIFTXOR
unsigned
key
=
ntohl
(
addr
)
+
ip_vs_conn_rnd
;
key
^=
(
key
>>
IP_VS_CONN_TAB_BITS
);
key
^=
(
key
>>
23
);
return
(
proto
^
key
^
ntohs
(
port
))
&
IP_VS_CONN_TAB_MASK
;
#endif
#ifdef CONFIG_IP_VS_HASH_GOLDENRATIO
return
(((
ip_vs_conn_rnd
^
(
proto
+
addr
+
port
))
*
2654435761UL
)
>>
(
31
-
IP_VS_CONN_TAB_BITS
))
&
IP_VS_CONN_TAB_MASK
;
#endif
#ifdef CONFIG_IP_VS_HASH_JENKINS
return
jhash_3words
(
addr
,
port
,
proto
,
ip_vs_conn_rnd
)
return
jhash_3words
(
addr
,
port
,
proto
,
ip_vs_conn_rnd
)
&
IP_VS_CONN_TAB_MASK
;
&
IP_VS_CONN_TAB_MASK
;
#endif
}
}
...
@@ -865,9 +852,7 @@ int ip_vs_conn_init(void)
...
@@ -865,9 +852,7 @@ int ip_vs_conn_init(void)
proc_net_create
(
"ip_vs_conn"
,
0
,
ip_vs_conn_getinfo
);
proc_net_create
(
"ip_vs_conn"
,
0
,
ip_vs_conn_getinfo
);
/* calculate the random value for connection hash */
/* calculate the random value for connection hash */
ip_vs_conn_rnd
=
get_random_bytes
(
&
ip_vs_conn_rnd
,
sizeof
(
ip_vs_conn_rnd
));
jhash_3words
((
u32
)
jiffies
,
(
u32
)
ip_vs_conn_tab
,
net_random
(),
IP_VS_CONN_TAB_SIZE
);
return
0
;
return
0
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment