summaryrefslogtreecommitdiff
path: root/include/net/inet6_hashtables.h
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2007-03-23 11:40:27 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2007-04-25 22:28:06 -0700
commitb3da2cf37c5c6e47698957a25ab43a7223dbb90f (patch)
treee8892392aaf7e3d3544ede23c21791e2317b177d /include/net/inet6_hashtables.h
parentd30045a0bcf144753869175dd9d840f7ceaf4aba (diff)
downloadlwn-b3da2cf37c5c6e47698957a25ab43a7223dbb90f.tar.gz
lwn-b3da2cf37c5c6e47698957a25ab43a7223dbb90f.zip
[INET]: Use jhash + random secret for ehash.
The days are gone when this was not an issue, there are folks out there with huge bot networks that can be used to attack the established hash tables on remote systems. So just like the routing cache and connection tracking hash, use Jenkins hash with random secret input. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/inet6_hashtables.h')
-rw-r--r--include/net/inet6_hashtables.h12
1 files changed, 7 insertions, 5 deletions
diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h
index c28e424f53d9..668056b4bb0b 100644
--- a/include/net/inet6_hashtables.h
+++ b/include/net/inet6_hashtables.h
@@ -19,6 +19,9 @@
#include <linux/in6.h>
#include <linux/ipv6.h>
#include <linux/types.h>
+#include <linux/jhash.h>
+
+#include <net/inet_sock.h>
#include <net/ipv6.h>
@@ -28,12 +31,11 @@ struct inet_hashinfo;
static inline unsigned int inet6_ehashfn(const struct in6_addr *laddr, const u16 lport,
const struct in6_addr *faddr, const __be16 fport)
{
- unsigned int hashent = (lport ^ (__force u16)fport);
+ u32 ports = (lport ^ (__force u16)fport);
- hashent ^= (__force u32)(laddr->s6_addr32[3] ^ faddr->s6_addr32[3]);
- hashent ^= hashent >> 16;
- hashent ^= hashent >> 8;
- return hashent;
+ return jhash_3words((__force u32)laddr->s6_addr32[3],
+ (__force u32)faddr->s6_addr32[3],
+ ports, inet_ehash_secret);
}
static inline int inet6_sk_ehashfn(const struct sock *sk)