svn commit: r186057 - head/sys/netinet

[Bjoern A. Zeeb]

Author: bz
Date: Sat Dec 13 21:59:18 2008
New Revision: 186057
URL: http://svn.freebsd.org/changeset/base/186057

Log:
  De-virtualize the MD5 context for TCP initial seq number generation
  and make it a function local variable like we do almost everywhere
  inside the kernel.
  
  Discussed with:	rwatson, silby
  MFC after:	4 weeks

Modified:
  head/sys/netinet/tcp_subr.c
  head/sys/netinet/vinet.h

Modified: head/sys/netinet/tcp_subr.c
==============================================================================
--- head/sys/netinet/tcp_subr.c	Sat Dec 13 21:17:46 2008	(r186056)
+++ head/sys/netinet/tcp_subr.c	Sat Dec 13 21:59:18 2008	(r186057)
@@ -1486,13 +1486,13 @@ tcp6_ctlinput(int cmd, struct sockaddr *
 static u_char isn_secret[32];
 static int isn_last_reseed;
 static u_int32_t isn_offset, isn_offset_old;
-static MD5_CTX isn_ctx;
 #endif
 
 tcp_seq
 tcp_new_isn(struct tcpcb *tp)
 {
 	INIT_VNET_INET(tp->t_vnet);
+	MD5_CTX isn_ctx;
 	u_int32_t md5_buffer[4];
 	tcp_seq new_isn;
 
@@ -1508,25 +1508,25 @@ tcp_new_isn(struct tcpcb *tp)
 	}
 
 	/* Compute the md5 hash and return the ISN. */
-	MD5Init(&V_isn_ctx);
-	MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_fport, sizeof(u_short));
-	MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_lport, sizeof(u_short));
+	MD5Init(&isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_fport, sizeof(u_short));
+	MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_lport, sizeof(u_short));
 #ifdef INET6
 	if ((tp->t_inpcb->inp_vflag & INP_IPV6) != 0) {
-		MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr,
+		MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_faddr,
 			  sizeof(struct in6_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr,
+		MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->in6p_laddr,
 			  sizeof(struct in6_addr));
 	} else
 #endif
 	{
-		MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr,
+		MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_faddr,
 			  sizeof(struct in_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr,
+		MD5Update(&isn_ctx, (u_char *) &tp->t_inpcb->inp_laddr,
 			  sizeof(struct in_addr));
 	}
-	MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret));
-	MD5Final((u_char *) &md5_buffer, &V_isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret));
+	MD5Final((u_char *) &md5_buffer, &isn_ctx);
 	new_isn = (tcp_seq) md5_buffer[0];
 	V_isn_offset += ISN_STATIC_INCREMENT +
 		(arc4random() & ISN_RANDOM_INCREMENT);

Modified: head/sys/netinet/vinet.h
==============================================================================
--- head/sys/netinet/vinet.h	Sat Dec 13 21:17:46 2008	(r186056)
+++ head/sys/netinet/vinet.h	Sat Dec 13 21:59:18 2008	(r186057)
@@ -142,7 +142,6 @@ struct vnet_inet {
 	int	_isn_last_reseed;
 	u_int32_t _isn_offset;
 	u_int32_t _isn_offset_old;
-	MD5_CTX	_isn_ctx;
 
 	struct	inpcbhead _udb;
 	struct	inpcbinfo _udbinfo;
@@ -265,7 +264,6 @@ extern struct vnet_inet vnet_inet_0;
 #define	V_ipsendredirects	VNET_INET(ipsendredirects)
 #define	V_ipstat		VNET_INET(ipstat)
 #define	V_ipstealth		VNET_INET(ipstealth)
-#define	V_isn_ctx		VNET_INET(isn_ctx)
 #define	V_isn_last_reseed	VNET_INET(isn_last_reseed)
 #define	V_isn_offset		VNET_INET(isn_offset)
 #define	V_isn_offset_old	VNET_INET(isn_offset_old)