Wireshark是否使用衆所周知的散列函數來存儲TCP流? (對於那些感興趣的人,他們使用GHashTable)。或者它是Wireshark開發者自己提出的嗎?另外,是否有任何有關其用於輸入數據(即地址和端口)的散列函數的統一性的數據?Wireshark流散列函數
僅供參考,這裏是conversation_key
結構定義:
typedef struct conversation_key {
struct conversation_key *next;
address addr1;
address addr2;
port_type ptype;
guint32 port1;
guint32 port2;
} conversation_key;
,這裏是哈希函數本身:
static guint
conversation_hash_exact(gconstpointer v)
{
const conversation_key *key = (const conversation_key *)v;
guint hash_val;
address tmp_addr;
hash_val = 0;
tmp_addr.len = 4;
ADD_ADDRESS_TO_HASH(hash_val, &key->addr1);
tmp_addr.data = &key->port1;
ADD_ADDRESS_TO_HASH(hash_val, &tmp_addr);
ADD_ADDRESS_TO_HASH(hash_val, &key->addr2);
tmp_addr.data = &key->port2;
ADD_ADDRESS_TO_HASH(hash_val, &tmp_addr);
hash_val += (hash_val << 3);
hash_val ^= (hash_val >> 11);
hash_val += (hash_val << 15);
return hash_val;
}
這ADD_ADDRESS_TO_HASH
宏展開爲一個函數調用:
static inline guint
add_address_to_hash(guint hash_val, const address *addr) {
const guint8 *hash_data = (const guint8 *)(addr)->data;
int idx;
for (idx = 0; idx < (addr)->len; idx++) {
hash_val += hash_data[idx];
hash_val += (hash_val << 10);
hash_val ^= (hash_val >> 6);
}
return hash_val;
}
#define ADD_ADDRESS_TO_HASH(hash_val, addr) do { hash_val = add_address_to_hash(hash_val, (addr)); } while (0)
這是一個衆所周知的散列函數得到了更新,但我忘了是哪一個,讓我查一下。 – Evan 2014-10-03 20:44:47