Wireshark是否使用众所周知的散列函数来存储TCP流? (对于那些感兴趣的人,他们使用GHashTable)。或者它是Wireshark开发者自己提出的吗?另外,是否有任何有关其用于输入数据(即地址和端口)的散列函数的统一性的数据?Wireshark流散列函数
仅供参考,这里是conversation_key
结构定义:
typedef struct conversation_key {
struct conversation_key *next;
address addr1;
address addr2;
port_type ptype;
guint32 port1;
guint32 port2;
} conversation_key;
,这里是哈希函数本身:
static guint
conversation_hash_exact(gconstpointer v)
{
const conversation_key *key = (const conversation_key *)v;
guint hash_val;
address tmp_addr;
hash_val = 0;
tmp_addr.len = 4;
ADD_ADDRESS_TO_HASH(hash_val, &key->addr1);
tmp_addr.data = &key->port1;
ADD_ADDRESS_TO_HASH(hash_val, &tmp_addr);
ADD_ADDRESS_TO_HASH(hash_val, &key->addr2);
tmp_addr.data = &key->port2;
ADD_ADDRESS_TO_HASH(hash_val, &tmp_addr);
hash_val += (hash_val << 3);
hash_val ^= (hash_val >> 11);
hash_val += (hash_val << 15);
return hash_val;
}
这ADD_ADDRESS_TO_HASH
宏展开为一个函数调用:
static inline guint
add_address_to_hash(guint hash_val, const address *addr) {
const guint8 *hash_data = (const guint8 *)(addr)->data;
int idx;
for (idx = 0; idx < (addr)->len; idx++) {
hash_val += hash_data[idx];
hash_val += (hash_val << 10);
hash_val ^= (hash_val >> 6);
}
return hash_val;
}
#define ADD_ADDRESS_TO_HASH(hash_val, addr) do { hash_val = add_address_to_hash(hash_val, (addr)); } while (0)
这是一个众所周知的散列函数得到了更新,但我忘了是哪一个,让我查一下。 – Evan 2014-10-03 20:44:47