Date: Fri, 5 Dec 2008 10:18:00 GMT From: Marko Zec <zec@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 154100 for review Message-ID: <200812051018.mB5AI0aI043766@repoman.freebsd.org>
index | next in thread | raw e-mail
http://perforce.freebsd.org/chv.cgi?CH=154100 Change 154100 by zec@zec_tca51 on 2008/12/05 10:17:49 De-virtualize TCP ISN code in PF because it wasn't done the right way, so leave this for the time when a complete PF virtualization will be implemented (if ever). The problem was in naming clash between TCP ISN state variables in pf code and in netinet/tcp_subr.c which occured as a result of blind / automated V_ prepending. Affected files ... .. //depot/projects/vimage-commit2/src/sys/contrib/pf/net/pf_subr.c#9 edit Differences ... ==== //depot/projects/vimage-commit2/src/sys/contrib/pf/net/pf_subr.c#9 (text+ko) ==== @@ -116,26 +116,22 @@ #define ISN_STATIC_INCREMENT 4096 #define ISN_RANDOM_INCREMENT (4096 - 1) -#ifdef VIMAGE_GLOBALS -/* XXX WARNING WARNING clash with netinet/tcp_subr.c - REVISIT !!! */ static u_char isn_secret[32]; static int isn_last_reseed; static u_int32_t isn_offset; static MD5_CTX isn_ctx; -#endif u_int32_t pf_new_isn(struct pf_state *s) { - INIT_VNET_INET(curvnet); u_int32_t md5_buffer[4]; u_int32_t new_isn; struct pf_state_host *src, *dst; /* Seed if this is the first use, reseed if requested. */ - if (V_isn_last_reseed == 0) { - read_random(&V_isn_secret, sizeof(V_isn_secret)); - V_isn_last_reseed = ticks; + if (isn_last_reseed == 0) { + read_random(&isn_secret, sizeof(isn_secret)); + isn_last_reseed = ticks; } if (s->direction == PF_IN) { @@ -147,28 +143,28 @@ } /* Compute the md5 hash and return the ISN. */ - MD5Init(&V_isn_ctx); - MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short)); - MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short)); + MD5Init(&isn_ctx); + MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short)); + MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short)); #ifdef INET6 if (s->af == AF_INET6) { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in6_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in6_addr)); } else #endif { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in_addr)); } - MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret)); - MD5Final((u_char *) &md5_buffer, &V_isn_ctx); + MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret)); + MD5Final((u_char *) &md5_buffer, &isn_ctx); new_isn = (tcp_seq) md5_buffer[0]; - V_isn_offset += ISN_STATIC_INCREMENT + + isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); - new_isn += V_isn_offset; + new_isn += isn_offset; return (new_isn); }help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812051018.mB5AI0aI043766>