Open hashkash opened 4 years ago
The salt value used (33554944) is correct afaiu.
Perhaps I misunderstood this when I opened the issue, so please correct me. I now understand the collision results as follows.
Only the source IP and ports were used, as that's attacker controlled. So, the collisions indicate that (sip1, sp1) and (sip2, sp2) will result in a collision? Would this still hold if the destination port is also included in the hash? If not, then I would suggest including destination ports 80 and 443 to obtain new collisions.
Wdyt?
I noticed that the collisions were based on only the source ip and port, however, iiuc, Katran uses the source and destination ports [1] as the second argument to jhash_2words [2]. As I couldn't get this to build and it runs pretty fast, could you please include the destination port as well?
Not sure if the below code suggestion is correct.
[1] https://github.com/facebookincubator/katran/blob/7355f08aba1e174444ea025d2f9bba78c768842a/katran/lib/bpf/balancer_structs.h#L36
[2] https://github.com/facebookincubator/katran/blob/1476600aa4150a9cc04745401f90e34e96ec1fd0/katran/lib/bpf/balancer_kern.c#L31