On Monday 08 July 2002 23.30, Don Cohen wrote: > I figure it hardly matters whether I do the analogous thing for > proto, since it's so short.
Actually you could consider proto almost a constant.. I don't think you really gain anything by obfuscating this.. just adding it to the result to make sure different protocols hash into different buckets should suffice just fine me thinks.. but sure, being paranoid does not hurt other than CPU time.. but it should be allowed to influence the hash value. Related note: You only have sport/dport for known protocols such as TCP/UDP/ICMP. On unknown protocols (proto_generic tracking) sport/dport will be all 0, meaning there is only one single conntrack entry per sip/dip/proto tuple for such protocols.. Regards Henrik
