[ovs-dev] [mlhash2 1/2] mac-learning: Use random secret in hash function.

Ben Pfaff blp at nicira.com
Fri Jul 22 22:24:30 UTC 2011


On Fri, Jul 22, 2011 at 01:36:25PM -0700, Ethan Jackson wrote:
> The mac-learning 'secret' parameter is intended to prevent an
> attacker from turning the mac learning table into a linked list by
> using a known hash function to choose perfectly bad mac entries.
> However, this parameter was not taken into account in most cases.
> 
> Found by inspection.

Looks good.  I think that instead of:

    return hash_2words(hash_bytes(mac, ETH_ADDR_LEN, vlan), ml->secret);

we could just use:

    return hash_bytes(mac, ETH_ADDR_LEN, vlan ^ ml->secret);

and avoid a second hashing step.
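An added illustration (not code from this thread or from Open vSwitch): the C sketch below uses a stand-in seeded hash, `toy_hash_bytes`, in place of OVS's `hash_bytes`, and measures how full the worst bucket gets when addresses selected against one secret are inserted into a table that hashes with another. `N_BUCKETS`, `mac_table_hash`, `worst_bucket` and the fixed secret values are assumptions chosen for a reproducible run; a real table would draw its secret at random.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_ADDR_LEN 6
#define N_BUCKETS 256u            /* assumed table size for the demo */

/* Stand-in seeded hash (NOT the OVS hash_bytes implementation). */
static uint32_t toy_hash_bytes(const uint8_t *p, size_t n, uint32_t basis)
{
    uint32_t h = basis ^ 0x9e3779b9u;
    for (size_t i = 0; i < n; i++) {
        h = (h ^ p[i]) * 0x01000193u;
        h ^= h >> 15;
    }
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    return h ^ (h >> 16);
}

/* The single-step form from the reply: fold the secret into the basis. */
static uint32_t mac_table_hash(const uint8_t *mac, uint16_t vlan, uint32_t secret)
{
    return toy_hash_bytes(mac, ETH_ADDR_LEN, vlan ^ secret);
}

/* Select n_macs constructed addresses that all fall in bucket 0 when hashed
 * with assumed_secret, then return the size of the fullest bucket when the
 * table really hashes with real_secret. */
static unsigned worst_bucket(uint32_t assumed_secret, uint32_t real_secret,
                             unsigned n_macs)
{
    unsigned load[N_BUCKETS] = {0}, worst = 0, found = 0;
    for (uint32_t c = 0; found < n_macs; c++) {
        uint8_t mac[ETH_ADDR_LEN] = {0x02, 0, (uint8_t)(c >> 24),
                                     (uint8_t)(c >> 16), (uint8_t)(c >> 8),
                                     (uint8_t)c};
        if (mac_table_hash(mac, 1, assumed_secret) % N_BUCKETS != 0)
            continue;                      /* not in the targeted bucket */
        found++;
        unsigned b = mac_table_hash(mac, 1, real_secret) % N_BUCKETS;
        if (++load[b] > worst) worst = load[b];
    }
    return worst;
}

int main(void)
{
    printf("secret known:   worst bucket = %u\n", worst_bucket(0, 0, 64));
    printf("secret unknown: worst bucket = %u\n", worst_bucket(0, 0x5ca1ab1eu, 64));
    return 0;
}
```

When the secret is left out of the hash, the first case is the only one that exists: every selected address lands in one bucket and lookups degrade to a list walk.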


