On Mon, Mar 28, 2011 at 02:36:58PM -0700, Ethan Jackson wrote: > > Well, in some cases, we *do* use a deterministic hash function to > > generate tags (see tag_create_deterministic()), but in general I > > regard randomly selected bits to be better, when we can afford to > > store them, because to my mind it makes it harder for attackers to > > force collisions. > > Oh sure, I wasn't criticizing the design decision, I hardly think > storing 32bits of information per flow is an issue, and we probably > get much better hashing characteristics out of this approach.
I wasn't taking it as a criticism, for what it's worth. I'm actually not all that happy with the design. It's clever, but that's not really a good thing. I keep hoping that some better design (that is, one that is precise about what flows need to be revalidated but still does not require a lot of careful maintenance of lists or bitmaps that take up a great deal of memory) will magically materialize. I doubt it, though. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
