Thread: 209 messages, 18 authors, 2003-06-17

Re: Route cache performance under stress

From: Florian Weimer <hidden>
Date: 2003-05-26 09:29:02


"David S. Miller" [off-list ref] writes:
   From: Simon Kirby [off-list ref]
   Date: Tue, 20 May 2003 17:09:36 -0700
   
   It's rather difficult to follow, but I don't see any "h4r h4r, expl0it
   th3 L1nux h4sh" comments or anything in the code that seems to attempt to
   exploit the hash algorithms in (older) Linux.

Look at the vc[] table and how it uses this in rndip().
The vc[] table is used to generate packets which don't fall victim to
widely implemented source address checks (e.g. "ip verify unicast
source reachable-via any" on recent Cisco routers).

I've checked the generated packets and they appear to be distributed
rather evenly among about 3,000 of the 8,192 hash buckets (with the
old hash function, of course), so juno-z.101f.c does not specifically
choose source addresses to trigger collisions.

(BTW, that's the reason why I consider the hash collision DoS attack
not too relevant in practice -- anybody who wants to DoS my machine
can probably send lots of packets to it.  juno-z.101f.c just works
well enough, even if it doesn't saturate all available bandwidth.)
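
The kind of check described in the message above (how evenly a set of packet sources spreads over hash buckets), as an added example that is not part of the original message or of the code it discusses: it counts occupied buckets and the longest chain, and compares the occupied count with what uniformly random placement would give. The hash `fold_hash`, the function names and the sample addresses are assumptions constructed for illustration; the kernel's own hash function is not reproduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct occupancy { unsigned used, longest; };
/* Stand-in unkeyed XOR-fold hash (assumed for illustration); buckets = 2^k. */
static unsigned fold_hash(uint32_t daddr, uint32_t saddr, unsigned buckets)
{
    uint32_t h = daddr ^ saddr;
    h ^= h >> 16;
    h ^= h >> 8;
    return h & (buckets - 1);
}

/* Occupied buckets and longest chain for n distinct source addresses. */
struct occupancy measure(const uint32_t *saddr, size_t n, uint32_t daddr,
                         unsigned buckets)
{
    struct occupancy o = {0, 0};
    unsigned *chain = calloc(buckets, sizeof *chain);
    if (!chain) return o;
    for (size_t i = 0; i < n; i++) {
        unsigned c = ++chain[fold_hash(daddr, saddr[i], buckets)];
        if (c == 1) o.used++;
        if (c > o.longest) o.longest = c;
    }
    free(chain);
    return o;
}

/* Buckets n uniformly placed keys should occupy: m * (1 - (1 - 1/m)^n). */
double expected_used(unsigned buckets, size_t n)
{
    double miss = 1.0;
    for (size_t i = 0; i < n; i++) miss *= 1.0 - 1.0 / buckets;
    return buckets * (1.0 - miss);
}

int main(void)
{
    enum { N = 4000, BUCKETS = 8192 };
    static uint32_t src[N];
    uint32_t x = 2003;                 /* constructed sample, fixed seed */
    for (size_t i = 0; i < N; i++) src[i] = x = x * 1664525u + 1013904223u;
    struct occupancy o = measure(src, N, 0xC0000201u, BUCKETS);
    printf("used %u, uniform expectation %.0f, longest chain %u\n",
           o.used, expected_used(BUCKETS, N), o.longest);
}
```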