Patchwork [2/2] ipv4: Use universal hash for ARP.

Submitter David Miller
Date July 11, 2011, 8:48 a.m.
Message ID <20110711.014845.1009062692530385177.davem@davemloft.net>
Permalink /patch/104187/
State Accepted
Delegated to: David Miller

Comments

David Miller - July 11, 2011, 8:48 a.m.
We need to make sure the multiplier is odd.

Signed-off-by: David S. Miller <davem@davemloft.net>
---
 include/net/arp.h    |    7 +++++++
 net/core/neighbour.c |    1 +
 net/ipv4/arp.c       |    3 +--
 3 files changed, 9 insertions(+), 2 deletions(-)
Roland Dreier - July 13, 2011, 5:59 p.m.
On Mon, Jul 11, 2011 at 1:48 AM, David Miller <davem@davemloft.net> wrote:
> +static inline u32 arp_hashfn(u32 key, const struct net_device *dev, u32 hash_rnd)
> +{
> +       u32 val = key ^ dev->ifindex;
> +
> +       return val * hash_rnd;
> +}

OK, I suggested this, and there's nothing obviously wrong with it.

But I would hope that someone actually vetted that this provides
enough variation between different hash_rnd values to avoid hash
chain attacks.

 - R.

Patch

diff --git a/include/net/arp.h b/include/net/arp.h
index 91f0568..723bde5 100644
--- a/include/net/arp.h
+++ b/include/net/arp.h
@@ -8,6 +8,13 @@ 
 
 extern struct neigh_table arp_tbl;
 
+static inline u32 arp_hashfn(u32 key, const struct net_device *dev, u32 hash_rnd)
+{
+	u32 val = key ^ dev->ifindex;
+
+	return val * hash_rnd;
+}
+
 extern void	arp_init(void);
 extern int	arp_find(unsigned char *haddr, struct sk_buff *skb);
 extern int	arp_ioctl(struct net *net, unsigned int cmd, void __user *arg);
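Review bot: arp_hashfn() folds its two inputs with `key ^ dev->ifindex` before the multiply, so any two (key, ifindex) pairs with the same XOR produce the same hash for every value of hash_rnd; the random multiplier cannot separate them. In addition, the low k bits of a 32-bit product depend only on the low k bits of `val`, so the return value is only usable as a bucket index if the caller takes the top bits rather than masking the bottom ones. Neither constraint is stated here, nor is the requirement that hash_rnd be odd; please add a comment above the function saying that hash_rnd must be odd and that buckets must be selected from the high bits of the result.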
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 4d5fc94..50bd960 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -334,6 +334,7 @@  static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
 	ret->hash_buckets = buckets;
 	ret->hash_shift = shift;
 	get_random_bytes(&ret->hash_rnd, sizeof(ret->hash_rnd));
+	ret->hash_rnd |= 1;
 	return ret;
 }
 
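Review bot: `ret->hash_rnd |= 1;` carries no comment, so the reason for it lives only in the commit message. A one-line comment saying that the value is used as a multiplier by arp_hashfn() and must be odd (an odd multiplier is invertible modulo 2^32, and this also rules out a zero seed that would hash every key to 0) would keep the line from being removed later as dead code. Because this sits in neigh_hash_alloc() under net/core, the forced low bit applies to every table allocated through it, not only ARP; the commit message should say so.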
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 1b74d3b..4412b57 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -97,7 +97,6 @@ 
 #include <linux/init.h>
 #include <linux/net.h>
 #include <linux/rcupdate.h>
-#include <linux/jhash.h>
 #include <linux/slab.h>
 #ifdef CONFIG_SYSCTL
 #include <linux/sysctl.h>
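Review bot: dropping `#include <linux/jhash.h>` is only safe if arp_hash() was the last jhash user in net/ipv4/arp.c. The visible hunks show just that one call being replaced, so please confirm that no other jhash_* caller remains in the file and that nothing was relying on this include indirectly.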
@@ -232,7 +231,7 @@  static u32 arp_hash(const void *pkey,
 		    const struct net_device *dev,
 		    __u32 hash_rnd)
 {
-	return jhash_2words(*(u32 *)pkey, dev->ifindex, hash_rnd);
+	return arp_hashfn(*(u32 *)pkey, dev, hash_rnd);
 }
 
 static int arp_constructor(struct neighbour *neigh)
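Review bot: in arp_hash(), `*(u32 *)pkey` casts away the const on `const void *pkey`; since the line is being rewritten anyway, use `*(const u32 *)pkey`. It would also help to note in a comment that the pointer is assumed to reference a 4-byte IPv4 key, since the wrapper dereferences it unconditionally.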