From owner-p4-projects@FreeBSD.ORG Fri Dec 5 10:18:01 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7AA68106567A; Fri, 5 Dec 2008 10:18:01 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 397D31065677 for ; Fri, 5 Dec 2008 10:18:01 +0000 (UTC) (envelope-from zec@tel.fer.hr) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 282058FC1A for ; Fri, 5 Dec 2008 10:18:01 +0000 (UTC) (envelope-from zec@tel.fer.hr) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id mB5AI10K043772 for ; Fri, 5 Dec 2008 10:18:01 GMT (envelope-from zec@tel.fer.hr) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id mB5AI0aI043766 for perforce@freebsd.org; Fri, 5 Dec 2008 10:18:00 GMT (envelope-from zec@tel.fer.hr) Date: Fri, 5 Dec 2008 10:18:00 GMT Message-Id: <200812051018.mB5AI0aI043766@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to zec@tel.fer.hr using -f From: Marko Zec To: Perforce Change Reviews Cc: Subject: PERFORCE change 154100 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Dec 2008 10:18:01 -0000 http://perforce.freebsd.org/chv.cgi?CH=154100 Change 154100 by zec@zec_tca51 on 2008/12/05 10:17:49 De-virtualize TCP ISN code in PF because it wasn't done the right way, so leave this for the time when a complete PF virtualization will be implemented (if ever). The problem was in naming clash between TCP ISN state variables in pf code and in netinet/tcp_subr.c which occured as a result of blind / automated V_ prepending. Affected files ... .. //depot/projects/vimage-commit2/src/sys/contrib/pf/net/pf_subr.c#9 edit Differences ... ==== //depot/projects/vimage-commit2/src/sys/contrib/pf/net/pf_subr.c#9 (text+ko) ==== @@ -116,26 +116,22 @@ #define ISN_STATIC_INCREMENT 4096 #define ISN_RANDOM_INCREMENT (4096 - 1) -#ifdef VIMAGE_GLOBALS -/* XXX WARNING WARNING clash with netinet/tcp_subr.c - REVISIT !!! */ static u_char isn_secret[32]; static int isn_last_reseed; static u_int32_t isn_offset; static MD5_CTX isn_ctx; -#endif u_int32_t pf_new_isn(struct pf_state *s) { - INIT_VNET_INET(curvnet); u_int32_t md5_buffer[4]; u_int32_t new_isn; struct pf_state_host *src, *dst; /* Seed if this is the first use, reseed if requested. */ - if (V_isn_last_reseed == 0) { - read_random(&V_isn_secret, sizeof(V_isn_secret)); - V_isn_last_reseed = ticks; + if (isn_last_reseed == 0) { + read_random(&isn_secret, sizeof(isn_secret)); + isn_last_reseed = ticks; } if (s->direction == PF_IN) { @@ -147,28 +143,28 @@ } /* Compute the md5 hash and return the ISN. */ - MD5Init(&V_isn_ctx); - MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short)); - MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short)); + MD5Init(&isn_ctx); + MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short)); + MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short)); #ifdef INET6 if (s->af == AF_INET6) { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in6_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in6_addr)); } else #endif { - MD5Update(&V_isn_ctx, (u_char *) &dst->addr, + MD5Update(&isn_ctx, (u_char *) &dst->addr, sizeof(struct in_addr)); - MD5Update(&V_isn_ctx, (u_char *) &src->addr, + MD5Update(&isn_ctx, (u_char *) &src->addr, sizeof(struct in_addr)); } - MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret)); - MD5Final((u_char *) &md5_buffer, &V_isn_ctx); + MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret)); + MD5Final((u_char *) &md5_buffer, &isn_ctx); new_isn = (tcp_seq) md5_buffer[0]; - V_isn_offset += ISN_STATIC_INCREMENT + + isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); - new_isn += V_isn_offset; + new_isn += isn_offset; return (new_isn); }