Use randomized HashMap for yamux stream IDs

[Officeyutong]

Summary

Replace the yamux active stream map with the standard HashMap and remove the nohash-hasher dependency from tokio-yamux.

Remote peers control inbound yamux stream IDs through frame headers. Using nohash_hasher::IntMap for those keys removes randomized hashing and makes insertion/lookup behavior dependent on attacker-chosen integer values. Switching back to the default HashMap restores randomized hashing for externally controlled stream IDs.

Testing

• cargo fmt
• cargo test -p tokio-yamux

[driftluo]

I don't quite understand this. The purpose of using nohasher is to reduce the overhead of frequent hashing. If an attacker provides an existing ID, it will directly throw an error. Only non-existent IDs can start the stream. So what serious consequences could the attacker's wrong behavior lead to?

[quake]

I don't quite understand this. The purpose of using nohasher is to reduce the overhead of frequent hashing. If an attacker provides an existing ID, it will directly throw an error. Only non-existent IDs can start the stream. So what serious consequences could the attacker's wrong behavior lead to?

This is a hash flooding dos issue, the StreamId is controlled by remote peer, attacker can create excessive hash collisions and degrade hash-table operations from expected O(1) to O(n).