On Fri, Jul 22, 2011 at 01:36:25PM -0700, Ethan Jackson wrote:
> The mac-learning 'secret' parameter is intended to prevent an
> attacker from turning the mac learning table into a linked list by
> using a known hash function to choose perfectly bad mac entries.
> However, this parameter was not taken into account in most cases.
>
> Found by inspection.
Looks good. I think that instead of:
return hash_2words(hash_bytes(mac, ETH_ADDR_LEN, vlan), ml->secret);
we could just use:
return hash_bytes(mac, ETH_ADDR_LEN, vlan ^ ml->secret);
and avoid a second hashing step.
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
