diff options
Diffstat (limited to 'sys/contrib/pf/net/pf_subr.c')
-rw-r--r-- | sys/contrib/pf/net/pf_subr.c | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/sys/contrib/pf/net/pf_subr.c b/sys/contrib/pf/net/pf_subr.c index 7d87833..f8550c7 100644 --- a/sys/contrib/pf/net/pf_subr.c +++ b/sys/contrib/pf/net/pf_subr.c @@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$"); #include <sys/socketvar.h> #include <sys/systm.h> #include <sys/time.h> +#include <sys/vimage.h> #include <net/if.h> #include <net/if_types.h> @@ -127,9 +128,9 @@ pf_new_isn(struct pf_state *s) struct pf_state_host *src, *dst; /* Seed if this is the first use, reseed if requested. */ - if (isn_last_reseed == 0) { - read_random(&isn_secret, sizeof(isn_secret)); - isn_last_reseed = ticks; + if (V_isn_last_reseed == 0) { + read_random(&V_isn_secret, sizeof(V_isn_secret)); + V_isn_last_reseed = ticks; } if (s->direction == PF_IN) { @@ -141,28 +142,28 @@ pf_new_isn(struct pf_state *s) } /* Compute the md5 hash and return the ISN. */ - MD5Init(&isn_ctx); - MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short)); - MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short)); + MD5Init(&V_isn_ctx); + MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short)); + MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short)); #ifdef INET6 if (s->af == AF_INET6) { - MD5Update(&isn_ctx, (u_char *) &dst->addr, + MD5Update(&V_isn_ctx, (u_char *) &dst->addr, sizeof(struct in6_addr)); - MD5Update(&isn_ctx, (u_char *) &src->addr, + MD5Update(&V_isn_ctx, (u_char *) &src->addr, sizeof(struct in6_addr)); } else #endif { - MD5Update(&isn_ctx, (u_char *) &dst->addr, + MD5Update(&V_isn_ctx, (u_char *) &dst->addr, sizeof(struct in_addr)); - MD5Update(&isn_ctx, (u_char *) &src->addr, + MD5Update(&V_isn_ctx, (u_char *) &src->addr, sizeof(struct in_addr)); } - MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret)); - MD5Final((u_char *) &md5_buffer, &isn_ctx); + MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret)); + MD5Final((u_char *) &md5_buffer, &V_isn_ctx); new_isn = (tcp_seq) md5_buffer[0]; - isn_offset += ISN_STATIC_INCREMENT + + V_isn_offset += ISN_STATIC_INCREMENT + (arc4random() & ISN_RANDOM_INCREMENT); - new_isn += isn_offset; + new_isn += V_isn_offset; return (new_isn); } |