Good idea, changed it. Ethan
On Fri, Jul 22, 2011 at 15:24, Ben Pfaff <[email protected]> wrote: > On Fri, Jul 22, 2011 at 01:36:25PM -0700, Ethan Jackson wrote: >> The mac-learning 'secret' parameter is intended to prevent an >> attacker from turning the mac learning table into a linked list by >> using a known hash function to choose perfectly bad mac entries. >> However, this parameter was not taken into account in most cases. >> >> Found by inspection. > > Looks good. I think that instead of: > > return hash_2words(hash_bytes(mac, ETH_ADDR_LEN, vlan), ml->secret); > > we could just use: > > return hash_bytes(mac, ETH_ADDR_LEN, vlan ^ ml->secret); > > and avoid a second hashing step. > _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
