On Tue, 14 Nov 2006 20:20:47 +0100,
Max Laier [EMAIL PROTECTED] said:
Any ideas? Any papers that deal with this problem?
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be
JINMEI Tatuya / wrote:
On Tue, 14 Nov 2006 20:20:47 +0100,
Max Laier [EMAIL PROTECTED] said:
Any ideas? Any papers that deal with this problem?
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for
On Thu, Nov 16, 2006 at 05:52:32PM +0900, JINMEI Tatuya / [EMAIL
PROTECTED]@C#:H wrote:
If you want something whose behavior is mathematically guaranteed, I'd
recommend universal hashing as already suggested in this thread.
Yep - I agree. I'll try and sort something out for Max - it may
need
Max Laier wrote:
David Malone wrote:
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be to use a simpler hash that
is keyed. Choose the key at boot/module load time and
Oliver Fromme wrote:
Max Laier wrote:
David Malone wrote:
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be to use a simpler hash that
is keyed. Choose the key at
On Wednesday 15 November 2006 12:26, Oliver Fromme wrote:
Max Laier wrote:
David Malone wrote:
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be to use a simpler hash
On Wed, Nov 15, 2006 at 01:53:12PM +0100, Max Laier wrote:
AFAICT, the attached has this property, but I have no idea if it adds
sufficient entropy to the result - it looks like it, though.
You should do at least some bit shifting on the arguments as typical
ipv6 addresses are by default MAC
Max Laier wrote:
Oops, I missed one requirement:
/*
* IMPORTANT: the hash function for dynamic rules must be commutative
* in source and destination (ip,port), because rules are bidirectional
* and we want to find both in the same bucket.
*/
OK, then you have to perform a
Hello,
this one is something for people who know their math.
Input: 2x128bit of address (lower ~80bit selectable by user) and 2x16bit
of ports (more or less selectable by user). Note that the flow_id is
not useable as several broken stack implementations do not set it
consistently - and it
On Tue, 14 Nov 2006, Max Laier wrote:
this one is something for people who know their math.
Input: 2x128bit of address (lower ~80bit selectable by user) and 2x16bit
of ports (more or less selectable by user). Note that the flow_id is
not useable as several broken stack implementations do
On Tue, Nov 14, 2006 at 05:09:20PM +0100, Max Laier wrote:
Any ideas? Any papers that deal with this problem?
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be to use a simpler
On Tuesday 14 November 2006 20:09, David Malone wrote:
On Tue, Nov 14, 2006 at 05:09:20PM +0100, Max Laier wrote:
Any ideas? Any papers that deal with this problem?
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
12 matches
Mail list logo
