diff options
author | bz <bz@FreeBSD.org> | 2008-12-13 21:59:18 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2008-12-13 21:59:18 +0000 |
commit | ef0e31ac361ba0bdabcd412659ee4b3a14eaa600 (patch) | |
tree | f0fc6c673f57b9a02395e90b186384f8a1da4085 /sys | |
parent | 37aff7daa7032f0fb1c864a4f83d04aa3c7bf5ea (diff) | |
download | FreeBSD-src-ef0e31ac361ba0bdabcd412659ee4b3a14eaa600.zip FreeBSD-src-ef0e31ac361ba0bdabcd412659ee4b3a14eaa600.tar.gz |
De-virtualize the MD5 context for TCP initial seq number generation
and make it a function local variable like we do almost everywhere
inside the kernel.
Discussed with: rwatson, silby
MFC after: 4 weeks
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/tcp_subr.c | 20 | ||||
-rw-r--r-- | sys/netinet/vinet.h | 2 |
2 files changed, 10 insertions, 12 deletions
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 207d37a..2c2337e 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1486,13 +1486,13 @@ tcp6_ctlinput(int cmd, struct sockaddr *sa, void *d) static u_char isn_secret[32]; static int isn_last_reseed; static u_int32_t isn_offset, isn_offset_old; -static MD5_CTX isn_ctx; #endif tcp_seq tcp_new_isn(struct tcpcb *tp) { INIT_VNET_INET(tp->t_vnet); + MD5_CTX isn_ctx; u_int32_t md5_buffer[4]; tcp_seq new_isn; @@ -1508,25 +1508,25 @@ tcp_new_isn(struct tcpcb *tp) } /* Compute the md5 hash and return the ISN. */ - MD5Init(&V_isn_ctx); - MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_fport, sizeof(u_short)); - MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_lport, sizeof(u_short)); + MD5Init(&isn_ctx); + MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_fport, sizeof(u_short)); + MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_lport, sizeof(u_short)); #ifdef INET6 if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) { - MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr, + MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr, sizeof(struct in6_addr)); - MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr, + MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr, sizeof(struct in6_addr)); } else #endif { - MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr, + MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr, sizeof(struct in_addr)); - MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr, + MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr, sizeof(struct in_addr)); } - MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret)); - MD5Final((u_char *) &md5_buffer, &V_isn_ctx); + MD5Update(&isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret)); + MD5Final((u_char *) &md5_buffer, &isn_ctx); new_isn = (tcp_seq) md5_buffer[0]; V_isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); diff --git a/sys/netinet/vinet.h b/sys/netinet/vinet.h index 65ccfa4..449334e 100644 --- a/sys/netinet/vinet.h +++ b/sys/netinet/vinet.h @@ -142,7 +142,6 @@ struct vnet_inet { int _isn_last_reseed; u_int32_t _isn_offset; u_int32_t _isn_offset_old; - MD5_CTX _isn_ctx; struct inpcbhead _udb; struct inpcbinfo _udbinfo; @@ -265,7 +264,6 @@ extern struct vnet_inet vnet_inet_0; #define V_ipsendredirects VNET_INET(ipsendredirects) #define V_ipstat VNET_INET(ipstat) #define V_ipstealth VNET_INET(ipstealth) -#define V_isn_ctx VNET_INET(isn_ctx) #define V_isn_last_reseed VNET_INET(isn_last_reseed) #define V_isn_offset VNET_INET(isn_offset) #define V_isn_offset_old VNET_INET(isn_offset_old) |