Reducing ip_id information leakage
Barney Wolff
barney at pit.databus.com
Sun May 4 14:27:56 PDT 2003
On Sun, May 04, 2003 at 12:50:11PM -0500, mark tinguely wrote:
> Less global (think per interface, or per source/destination/port as mentioned
> that is done in Solaris).
Nit: you can't use port, as that will not appear in the frags and you
can't afford collision.
If I were writing the code, I'd do a very fast hash on src/dst/proto
into say 8-10 bits, keep 256-1024 counters, and let it go at that.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
More information about the freebsd-net
mailing list