On Thu, Nov 16, 2006 at 05:52:32PM +0900, JINMEI Tatuya / [EMAIL
PROTECTED]@C#:H wrote:
> If you want something whose behavior is mathematically guaranteed, I'd
> recommend universal hashing as already suggested in this thread.
Yep - I agree. I'll try and sort something out for Max - it may
need
JINMEI Tatuya / wrote:
On Tue, 14 Nov 2006 20:20:47 +0100,
Max Laier <[EMAIL PROTECTED]> said:
Any ideas? Any papers that deal with this problem?
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for some
> On Tue, 14 Nov 2006 20:20:47 +0100,
> Max Laier <[EMAIL PROTECTED]> said:
>> > Any ideas? Any papers that deal with this problem?
>>
>> Assuming you don't want to use one of the standard cryptographic
>> ones (which I can imagine being a bit slow for something done
>> per-packet), the
Max Laier wrote:
> Oops, I missed one requirement:
> /*
> * IMPORTANT: the hash function for dynamic rules must be commutative
> * in source and destination (ip,port), because rules are bidirectional
> * and we want to find both in the same bucket.
> */
OK, then you have to perform a com
On Wed, Nov 15, 2006 at 01:53:12PM +0100, Max Laier wrote:
> AFAICT, the attached has this property, but I have no idea if it adds
> sufficient entropy to the result - it looks like it, though.
You should do at least some bit shifting on the arguments as typical
ipv6 addresses are by default MAC
On Wednesday 15 November 2006 12:26, Oliver Fromme wrote:
> Max Laier wrote:
> > David Malone wrote:
> > > Assuming you don't want to use one of the standard cryptographic
> > > ones (which I can imagine being a bit slow for something done
> > > per-packet), then one option might be to use a si
Oliver Fromme wrote:
> Max Laier wrote:
> > David Malone wrote:
> > > Assuming you don't want to use one of the standard cryptographic
> > > ones (which I can imagine being a bit slow for something done
> > > per-packet), then one option might be to use a simpler hash that
> > > is keyed. Cho
Max Laier wrote:
> David Malone wrote:
> > Assuming you don't want to use one of the standard cryptographic
> > ones (which I can imagine being a bit slow for something done
> > per-packet), then one option might be to use a simpler hash that
> > is keyed. Choose the key at boot/module load ti
On Tuesday 14 November 2006 20:09, David Malone wrote:
> On Tue, Nov 14, 2006 at 05:09:20PM +0100, Max Laier wrote:
> > Any ideas? Any papers that deal with this problem?
>
> Assuming you don't want to use one of the standard cryptographic
> ones (which I can imagine being a bit slow for something
On Tue, Nov 14, 2006 at 05:09:20PM +0100, Max Laier wrote:
> Any ideas? Any papers that deal with this problem?
Assuming you don't want to use one of the standard cryptographic
ones (which I can imagine being a bit slow for something done
per-packet), then one option might be to use a simpler has
Hello,
this one is something for people who know their math.
Input: 2x128bit of address (lower ~80bit selectable by user) and 2x16bit
of ports (more or less selectable by user). Note that the "flow_id" is
not useable as several broken stack implementations do not set it
consistently - and it
On Tue, 14 Nov 2006, Max Laier wrote:
> this one is something for people who know their math.
>
> Input: 2x128bit of address (lower ~80bit selectable by user) and 2x16bit
> of ports (more or less selectable by user). Note that the "flow_id" is
> not useable as several broken stack implementations
12 matches
Mail list logo