From: Eric Leblond <eric@regit.org>
Date: Fri, 27 Jul 2012 09:22:03 +0000 (+0200)
Subject: defrag: use IP ID in hash
X-Git-Tag: suricata-1.3.1~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4df509f87a4b077e3a5d53080e2412dc066ed8d6;p=thirdparty%2Fsuricata.git

defrag: use IP ID in hash

This patch fixes the collision issue observed on an intensive network
trafic. When there is fragmentation it is the case for all data
exchanged between two hosts. Thus using a hash func only involving
IP addresses (and protocol) was leading to a collision for all
exchanges between the hosts. At a larger scale, it was resulting in
a packet loss. By using the IP ID instead of the protocol family, we
introduce a real difference between the trackers.
---

diff --git a/src/defrag.c b/src/defrag.c
index 0aafe4b84f..99a320a848 100644
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -231,12 +231,12 @@ DefragHashFunc(HashListTable *ht, void *data, uint16_t datalen)
     uint32_t key;
 
     if (p->af == AF_INET) {
-        key = (defrag_hash_rand + p->af +
+        key = (defrag_hash_rand + p->id +
             p->src_addr.addr_data32[0] + p->dst_addr.addr_data32[0]) %
             defrag_hash_size;
     }
     else if (p->af == AF_INET6) {
-        key = (defrag_hash_rand + p->af +
+        key = (defrag_hash_rand + p->id +
             p->src_addr.addr_data32[0] + p->src_addr.addr_data32[1] +
             p->src_addr.addr_data32[2] + p->src_addr.addr_data32[3] +
             p->dst_addr.addr_data32[0] + p->dst_addr.addr_data32[1] +