diff --git a/src/hash.c b/src/hash.c index 1bb8183..2f01c40 100644 --- a/src/hash.c +++ b/src/hash.c @@ -6,9 +6,6 @@ struct hashentry { char value[4]; }; -static uint32_t hashindex(unsigned tablesize, const uint8_t* hash){ - return (*(unsigned *)hash) % tablesize; -} void destroyhashtable(struct hashtable *ht){ @@ -32,6 +29,7 @@ void destroyhashtable(struct hashtable *ht){ _3proxy_mutex_destroy(&ht->hash_mutex); } +#define hashindex(ht, tablesize, hash) (murmurhash3(hash, ht->hash_size, ht->entropy) % tablesize) #define hvalue(ht,I) ((struct hashentry *)(ht->hashvalues + (I-1)*(sizeof(struct hashentry) + ht->recsize - 4))) #define hhash(ht,I) ((ht->hashhashvalues + (I-1)*(ht->hash_size))) @@ -87,6 +85,7 @@ int inithashtable(struct hashtable *ht, unsigned tablesize, unsigned poolsize, u ht->poolsize = poolsize; ht->tablesize = tablesize; ht->growlimit = growlimit; + ht->entropy = myrand(ht, sizeof(struct hashtable)); memset(ht->ihashtable, 0, ht->tablesize * sizeof(uint32_t)); memset(ht->hashvalues, 0, ht->poolsize * (sizeof(struct hashentry) + ht->recsize - 4)); @@ -151,7 +150,7 @@ static void hashgrow(struct hashtable *ht){ uint32_t he = ht->ihashtable[j]; while (he) { uint32_t next = hvalue(ht, he)->inext; - unsigned idx = hashindex(newtablesize, hhash(ht, he)); + unsigned idx = hashindex(ht, newtablesize, hhash(ht, he)); hvalue(ht, he)->inext = newitable[idx]; newitable[idx] = he; he = next; @@ -180,7 +179,7 @@ void hashadd(struct hashtable *ht, void* name, void* value, time_t expires){ ht->index2hash_add(ht, name, hash); _3proxy_mutex_lock(&ht->hash_mutex); - index = hashindex(ht->tablesize, hash); + index = hashindex(ht, ht->tablesize, hash); for(hep = ht->ihashtable + index; (he = *hep)!=0; ){ if(hvalue(ht,he)->expires < conf.time || !memcmp(hash, hhash(ht,he), ht->hash_size)) { @@ -228,7 +227,7 @@ int hashresolv(struct hashtable *ht, void* name, void* value, uint32_t *ttl){ } ht->index2hash_search(ht,name, hash); _3proxy_mutex_lock(&ht->hash_mutex); - index = hashindex(ht->tablesize, hash); + index = hashindex(ht, ht->tablesize, hash); for(hep = ht->ihashtable + index; (he = *hep)!=0; ){ if(hvalue(ht, he)->expires < conf.time) { (*hep) = hvalue(ht,he)->inext; @@ -259,7 +258,7 @@ void hashdelete(struct hashtable *ht, void *name){ } ht->index2hash_search(ht, name, hash); _3proxy_mutex_lock(&ht->hash_mutex); - index = hashindex(ht->tablesize, hash); + index = hashindex(ht, ht->tablesize, hash); for(hep = ht->ihashtable + index; (he = *hep) != 0; ){ if((hvalue(ht, he)->expires && hvalue(ht, he)->expires < conf.time) || !memcmp(hash, hhash(ht, he), ht->hash_size)) { (*hep) = hvalue(ht, he)->inext; diff --git a/src/hashtables.c b/src/hashtables.c index 1d2acd4..71d13eb 100644 --- a/src/hashtables.c +++ b/src/hashtables.c @@ -4,29 +4,64 @@ static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){ blake2b_state S; + int len; - blake2b_init(&S, ht->hash_size); - blake2b_update(&S, index, strlen((const char*)index) + 1); - blake2b_final(&S, hash, ht->hash_size); + len = strlen((const char*)index); + memset(hash, 0, ht->hash_size); + if(len <= ht->hash_size) memcpy(hash, index, len); + else { + blake2b_init(&S, ht->hash_size); + blake2b_update(&S, index, strlen((const char*)index) + 1); + blake2b_final(&S, hash, ht->hash_size); + } } static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *hash){ blake2b_state S; struct clientparam *param = (struct clientparam *)index; unsigned type = param->srv->authcachetype; + int len = 0, oplen = 0, acllen = 0, ulen = 0, plen = 0, hlen = 0, a1len = 0, a2len = 0, a3len = 0, p1len=0, p2len = 0; - blake2b_init(&S, ht->hash_size); - if((type & 2) && param->username)blake2b_update(&S, param->username, strlen((const char *)param->username) + 1); - if((type & 4) && param->password)blake2b_update(&S, param->password, strlen((const char *)param->password) + 1); - if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr)); - if((type & 16))blake2b_update(&S, ¶m->srv->acl, sizeof(param->srv->acl)); - if((type & 64))blake2b_update(&S, SAADDR(¶m->req), SAADDRLEN(¶m->req)); - if((type & 128))blake2b_update(&S, SAPORT(¶m->req), 2); - if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, strlen((const char *)param->hostname) + 1); - if((type & 512))blake2b_update(&S, ¶m->operation, sizeof(param->operation)); - if((type & 1024))blake2b_update(&S, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa)); - if((type & 2048))blake2b_update(&S, SAPORT(¶m->srv->intsa), 2); - blake2b_final(&S, hash, ht->hash_size); + + if((type & 2) && param->username) ulen = strlen((const char *)param->username) + 1; + if((type & 4) && param->password) plen = strlen((const char *)param->password) + 1; + if((type & 1) && !(type & 8)) a1len = SAADDRLEN(¶m->sincr); + if((type & 16)) acllen = sizeof(param->srv->acl); + if((type & 64)) a2len = SAADDRLEN(¶m->req); + if((type & 128)) p1len = 2 ; + if((type & 256) && param->hostname) hlen = strlen((const char *)param->hostname) + 1; + if((type & 512)) oplen = sizeof(param->operation); + if((type & 1024)) a3len = SAADDRLEN(¶m->srv->intsa); + if((type & 2048)) p2len = 2; + + memset(hash, 0, ht->hash_size); + if(ulen + plen + a1len + acllen + a2len + p1len + hlen + oplen + a3len + p2len <= ht->hash_size){ + int offset = 0; + if((type & 2) && param->username){ memcpy(hash + offset, param->username, ulen); offset += ulen; } + if((type & 4) && param->password){ memcpy(hash + offset, param->password, plen); offset += plen; } + if((type & 1) && !(type & 8)){ memcpy(hash + offset, SAADDR(¶m->sincr), a1len); offset += a1len; } + if((type & 16)){ memcpy(hash + offset, ¶m->srv->acl, acllen); offset += acllen; } + if((type & 64)){ memcpy(hash + offset, SAADDR(¶m->req), a2len); offset += a2len; } + if((type & 128)){ memcpy(hash + offset, SAPORT(¶m->req), p1len); offset += 2; } + if((type & 256) && param->hostname){ memcpy(hash + offset, param->hostname, hlen); offset += hlen; } + if((type & 512)){ memcpy(hash + offset, ¶m->operation, oplen); offset += oplen; } + if((type & 1024)){ memcpy(hash + offset, SAADDR(¶m->srv->intsa), a3len); offset += a3len; } + if((type & 2048)){ memcpy(hash + offset, SAPORT(¶m->srv->intsa), p2len); offset += 2; } + } + else { + blake2b_init(&S, ht->hash_size); + if((type & 2) && param->username)blake2b_update(&S, param->username, ulen); + if((type & 4) && param->password)blake2b_update(&S, param->password, plen); + if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(¶m->sincr), a1len); + if((type & 16))blake2b_update(&S, ¶m->srv->acl, acllen); + if((type & 64))blake2b_update(&S, SAADDR(¶m->req), a2len); + if((type & 128))blake2b_update(&S, SAPORT(¶m->req), 2); + if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen); + if((type & 512))blake2b_update(&S, ¶m->operation, sizeof(param->operation)); + if((type & 1024))blake2b_update(&S, SAADDR(¶m->srv->intsa), a3len); + if((type & 2048))blake2b_update(&S, SAPORT(¶m->srv->intsa), 2); + blake2b_final(&S, hash, ht->hash_size); + } memcpy(param->hash, hash, ht->hash_size); } @@ -99,9 +134,9 @@ static void pwnt2hash_search(const struct hashtable *ht, void *index, uint8_t *h -struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 12}; -struct hashtable dns6_table = {char_index2hash, char_index2hash, 16, 12}; -struct hashtable auth_table = {param2hash_add, param2hash_search, sizeof(struct authcache), 12}; +struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32}; +struct hashtable dns6_table = {char_index2hash, char_index2hash, 16, 32}; +struct hashtable auth_table = {param2hash_add, param2hash_search, sizeof(struct authcache), 64}; struct hashtable pw_table = {pw2hash_add, pw2hash_search, 0, 12}; #ifdef WITH_SSL struct hashtable pwnt_table = {pwnt2hash_add, pwnt2hash_search, 0, 12}; diff --git a/src/structures.h b/src/structures.h index bdfdb27..d043937 100644 --- a/src/structures.h +++ b/src/structures.h @@ -505,6 +505,7 @@ struct hashtable { time_t compacted; uint32_t ihashhashempty; uint32_t ihashempty; + uint32_t entropy; }; struct srvparam {