diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b5388391d..3c33c9c4f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -107,6 +107,8 @@ it will be removed; but as it won't be user-visible this isn't considered a brea instead of the Mapping name, which could reduce the cache's effectiveness. This has been fixed so that the correct key is used. ([Incorrect Cache Key for Mapping]) +- Change: Changed Ambex suffix hashing algorithm to use xxhash64 instead of md5. + [Incorrect Cache Key for Mapping]: https://github.com/emissary-ingress/emissary/issues/5714 ## [3.9.0] November 13, 2023 diff --git a/go.mod b/go.mod index aff5f28791..2337d11267 100644 --- a/go.mod +++ b/go.mod @@ -83,6 +83,7 @@ require ( github.com/Masterminds/sprig v2.22.0+incompatible github.com/cenkalti/backoff/v4 v4.2.1 github.com/census-instrumentation/opencensus-proto v0.4.1 + github.com/cespare/xxhash/v2 v2.2.0 github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 github.com/datawire/dlib v1.3.1 github.com/datawire/dtest v0.0.0-20210928162311-722b199c4c2f @@ -146,7 +147,6 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect diff --git a/pkg/ambex/transforms.go b/pkg/ambex/transforms.go index cb1e0bf943..76eef6298e 100644 --- a/pkg/ambex/transforms.go +++ b/pkg/ambex/transforms.go @@ -3,12 +3,12 @@ package ambex import ( // standard library "context" - "crypto/md5" - "encoding/hex" "encoding/json" "fmt" + "strconv" // third-party libraries + "github.com/cespare/xxhash/v2" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" @@ -146,9 +146,10 @@ func V3ListenerToRdsListener(lnr *v3listener.Listener) (*v3listener.Listener, [] // associated with a given listener. filterChainMatch, _ := json.Marshal(fc.GetFilterChainMatch()) - // Use MD5 because it's decently fast and cryptographic security isn't needed. - matchHash := md5.Sum(filterChainMatch) - matchKey := hex.EncodeToString(matchHash[:]) + // Use xxhash64 because it's decently fast and cryptographic security isn't needed. + h := xxhash.New() + h.Write(filterChainMatch) + matchKey := strconv.FormatUint(h.Sum64(), 16) rc.Name = fmt.Sprintf("%s-routeconfig-%s-%d", l.Name, matchKey, matchKeyIndex[matchKey]) diff --git a/pkg/ambex/transforms_test.go b/pkg/ambex/transforms_test.go index 2048496a52..3a55cd65bc 100644 --- a/pkg/ambex/transforms_test.go +++ b/pkg/ambex/transforms_test.go @@ -78,7 +78,7 @@ func TestV3ListenerToRdsListener(t *testing.T) { for i, rc := range routes { // Confirm that the route name was transformed to the hashed version - assert.Equal(t, fmt.Sprintf("emissary-ingress-listener-8080-routeconfig-8c82e45fa3f94ab4e879543e0a1a30ac-%d", i), rc.GetName()) + assert.Equal(t, fmt.Sprintf("emissary-ingress-listener-8080-routeconfig-29865f40cbcf32dc-%d", i), rc.GetName()) // Make sure the virtual hosts are unmodified virtualHosts := rc.GetVirtualHosts()