Well, unlike Alexey I accept opinions even when the work has been done :-)
On Mon, Oct 04, 1999 at 10:25:19PM +0200, Andi Kleen wrote:
> The secure RND can run with a few cache lines, the AVL inetpeer
> code needs a potentially unlimited number of cache lines. Given
> the current CPU/memory speed ratio, I think the OpenBSD approach
> looks much better (my first vote for the per-dst counter was based
> on the assumptions that it is free because the routing cache can be
> used). Also I think the secure RND is needed anyways to generate
I thought that the IDs could be stored in the routing cache directly.
Alexey explained to me why they should not and I agreed.
BTW, the OpenBSD solution sucks. After some analysis I'm now able to predict the
whole sequence taking 7 consecutive IDs. You may send me an example and
I'll send you a sequence of the next IDs :-)
Now we have a strong RND based generator for the first ID for a peer. But
it's fairly slow (MD4 hash) and can't be used for every packet. Strength of
the generator and requirements for a guaranteed long period contradict each
other.
> the initial per destination ip counter (so unless you always talk
> to the same host the overhead is the same + some ugly code)
Andrey
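
An added illustration (not code from this thread or from the kernel) of the split the message describes: the expensive keyed generator runs once, when a peer entry is created, and every later packet to that peer costs one increment. All names are hypothetical, the fixed-size table stands in for the AVL inetpeer tree, and `keyed_mix` is a stand-in for the MD4-based generator, not a cryptographically strong function.

```c
#include <stdint.h>
#include <stddef.h>

#define PEER_SLOTS 64                     /* constructed size for the sketch */

struct peer {
    uint32_t daddr;                       /* destination IPv4 address */
    uint16_t next_id;                     /* next IP ID handed to this peer */
    int      in_use;
};

static struct peer peers[PEER_SLOTS];
static uint32_t id_secret = 0x5eed1234u;  /* constructed; random at boot in practice */

/* Stand-in keyed mixer (assumption: replaces the slow MD4-based generator). */
static uint32_t keyed_mix(uint32_t key, uint32_t x)
{
    x ^= key;
    x ^= x >> 16; x *= 0x85ebca6bu;
    x ^= x >> 13; x *= 0xc2b2ae35u;
    x ^= x >> 16;
    return x;
}

/* Find or create the peer entry; the keyed generator runs only on creation. */
static struct peer *peer_get(uint32_t daddr)
{
    size_t i, start = daddr % PEER_SLOTS;
    for (i = 0; i < PEER_SLOTS; i++) {
        struct peer *p = &peers[(start + i) % PEER_SLOTS];
        if (p->in_use && p->daddr == daddr)
            return p;
        if (!p->in_use) {
            p->in_use = 1;
            p->daddr = daddr;
            p->next_id = (uint16_t)keyed_mix(id_secret, daddr);
            return p;
        }
    }
    return NULL;                          /* table full */
}

/* Per-packet path: no hashing, one 16-bit increment that wraps at 65535. */
int ip_id_for(uint32_t daddr, uint16_t *id)
{
    struct peer *p = peer_get(daddr);
    if (!p)
        return -1;
    *id = p->next_id++;
    return 0;
}
```

Each peer sees only its own counter, so the IDs sent to one destination do not advance or reveal the sequence used for another.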