aboutsummaryrefslogtreecommitdiff
path: root/include/net/inet_sock.h
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2007-03-23 11:40:27 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2007-04-25 22:28:06 -0700
commitb3da2cf37c5c6e47698957a25ab43a7223dbb90f (patch)
treee8892392aaf7e3d3544ede23c21791e2317b177d /include/net/inet_sock.h
parentd30045a0bcf144753869175dd9d840f7ceaf4aba (diff)
[INET]: Use jhash + random secret for ehash.
The days are gone when this was not an issue, there are folks out there with huge bot networks that can be used to attack the established hash tables on remote systems. So just like the routing cache and connection tracking hash, use Jenkins hash with random secret input. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/inet_sock.h')
-rw-r--r--include/net/inet_sock.h11
1 files changed, 7 insertions, 4 deletions
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
index ce6da97bc84..62daf214931 100644
--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -19,6 +19,7 @@
#include <linux/string.h>
#include <linux/types.h>
+#include <linux/jhash.h>
#include <net/flow.h>
#include <net/sock.h>
@@ -167,13 +168,15 @@ static inline void inet_sk_copy_descendant(struct sock *sk_to,
extern int inet_sk_rebuild_header(struct sock *sk);
+extern u32 inet_ehash_secret;
+extern void build_ehash_secret(void);
+
static inline unsigned int inet_ehashfn(const __be32 laddr, const __u16 lport,
const __be32 faddr, const __be16 fport)
{
- unsigned int h = ((__force __u32)laddr ^ lport) ^ ((__force __u32)faddr ^ (__force __u32)fport);
- h ^= h >> 16;
- h ^= h >> 8;
- return h;
+ return jhash_2words((__force __u32) laddr ^ (__force __u32) faddr,
+ ((__u32) lport) << 16 | (__force __u32)fport,
+ inet_ehash_secret);
}
static inline int inet_sk_ehashfn(const struct sock *sk)