Project

General

Profile

Actions

Optimization #3322

open

Use standard CRC32 for hash-like functions

Added by Philippe Antoine almost 5 years ago. Updated about 1 month ago.

Status:
New
Priority:
Low
Target version:
Effort:
low
Difficulty:
Label:

Description

Instead of a custom one (as CRC32 was I think designed for kind of avoiding collisions)

One such function is StringHash cf https://github.com/OISF/suricata/pull/4337


Related issues 2 (1 open1 closed)

Related to Suricata - Security #7209: thash: random factor not used; possible abusive hash collisionsClosedPhilippe AntoineActions
Blocked by Suricata - Bug #4265: QA lab: add possibility to do repeatable replay testsIn ProgressPeter ManevActions
Actions #1

Updated by Victor Julien almost 5 years ago

As we discussed offline, it would be nice to create some kind of benchmarking framework where we could validate such changes. Pure pcap tests may not always give enough insight. For example with the bm optimizations pcap based tests showed no difference, while I think more micro level benchmarks would have shown something.

Actions #2

Updated by Philippe Antoine almost 5 years ago

It would be nice if this benchmarking framework handles caches realistically.

With the example of Boyer-Moore optimizations (one less call to alloc), I am not sure a naive benchmarking would shows much difference as the additional call to alloc would grab repeatedly the same cached memory area, whereas in a real Suricata execution, this would not be the case

Actions #3

Updated by Andreas Herz almost 5 years ago

  • Assignee set to Philippe Antoine
  • Target version set to TBD
Actions #5

Updated by Philippe Antoine almost 5 years ago

I put a first benchmark here
https://github.com/OISF/suricata/pull/4371

Actions #6

Updated by Philippe Antoine over 4 years ago

  • Status changed from New to In Review
Actions #7

Updated by Roland Fischer over 4 years ago

There are a few other hash functions that might be interesting. Google's CityHash comes to mind as it's their "general purpose" hash. SpookyHash/xxhash might be options as well. The stackexchange page lists them as well I think.

Ultimately, it depends on how much time you want to spend on this vs how happy you are with the current hash. Plus, what the usage patterns of the hash are as well as the data to be hashed. ;)

Actions #8

Updated by Victor Julien almost 4 years ago

  • Blocked by Bug #4265: QA lab: add possibility to do repeatable replay tests added
Actions #10

Updated by Philippe Antoine almost 2 years ago

  • Assignee changed from Philippe Antoine to Community Ticket
  • Priority changed from Normal to Low

This does not seem the most important area to optimize...

Actions #11

Updated by Philippe Antoine about 2 months ago

  • Status changed from In Review to New
Actions #12

Updated by Philippe Antoine about 1 month ago

  • Related to Security #7209: thash: random factor not used; possible abusive hash collisions added
Actions #13

Updated by Philippe Antoine about 1 month ago

SipHash seems to be the current standard, used by rust and other internally...

Actions

Also available in: Atom PDF