PERFORCE change 154100 for review

Marko Zec zec at FreeBSD.org
Fri Dec 5 02:18:01 PST 2008


http://perforce.freebsd.org/chv.cgi?CH=154100

Change 154100 by zec at zec_tca51 on 2008/12/05 10:17:49

	De-virtualize TCP ISN code in PF because it wasn't done the
	right way, so leave this for the time when a complete PF
	virtualization will be implemented (if ever).
	
	The problem was a naming clash between the TCP ISN state
	variables in pf code and those in netinet/tcp_subr.c, which occurred as
	a result of blind / automated V_ prepending.

Affected files ...

.. //depot/projects/vimage-commit2/src/sys/contrib/pf/net/pf_subr.c#9 edit

Differences ...

==== //depot/projects/vimage-commit2/src/sys/contrib/pf/net/pf_subr.c#9 (text+ko) ====

@@ -116,26 +116,22 @@
 #define ISN_STATIC_INCREMENT 4096
 #define ISN_RANDOM_INCREMENT (4096 - 1)
 
-#ifdef VIMAGE_GLOBALS
-/* XXX WARNING WARNING clash with netinet/tcp_subr.c - REVISIT !!! */
 static u_char isn_secret[32];
 static int isn_last_reseed;
 static u_int32_t isn_offset;
 static MD5_CTX isn_ctx;
-#endif
 
 u_int32_t
 pf_new_isn(struct pf_state *s)
 {
-	INIT_VNET_INET(curvnet);
 	u_int32_t md5_buffer[4];
 	u_int32_t new_isn;
 	struct pf_state_host *src, *dst;
 
 	/* Seed if this is the first use, reseed if requested. */
-	if (V_isn_last_reseed == 0) {
-		read_random(&V_isn_secret, sizeof(V_isn_secret));
-		V_isn_last_reseed = ticks;
+	if (isn_last_reseed == 0) {
+		read_random(&isn_secret, sizeof(isn_secret));
+		isn_last_reseed = ticks;
 	}
 
 	if (s->direction == PF_IN) {
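Review bot: The file-scope `isn_secret`, `isn_last_reseed`, `isn_offset` and `isn_ctx` declarations lose their only comment in this hunk, yet they still share names with the TCP ISN state in netinet/tcp_subr.c, which is what the commit message says the automated V_ prepending tripped over. A short comment above them would keep a later virtualization pass from rebinding them, for example `/* pf-private ISN state: deliberately not virtualized, distinct from the same-named variables in netinet/tcp_subr.c */`. The secret and offset are now presumably shared by every vnet that pf serves, which is worth stating in the same comment. pf_new_isn's body continues past the end of this hunk.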
@@ -147,28 +143,28 @@
 	}
 
 	/* Compute the md5 hash and return the ISN. */
-	MD5Init(&V_isn_ctx);
-	MD5Update(&V_isn_ctx, (u_char *) &dst->port, sizeof(u_short));
-	MD5Update(&V_isn_ctx, (u_char *) &src->port, sizeof(u_short));
+	MD5Init(&isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &dst->port, sizeof(u_short));
+	MD5Update(&isn_ctx, (u_char *) &src->port, sizeof(u_short));
 #ifdef INET6
 	if (s->af == AF_INET6) {
-		MD5Update(&V_isn_ctx, (u_char *) &dst->addr,
+		MD5Update(&isn_ctx, (u_char *) &dst->addr,
 			  sizeof(struct in6_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &src->addr,
+		MD5Update(&isn_ctx, (u_char *) &src->addr,
 			  sizeof(struct in6_addr));
 	} else
 #endif
 	{
-		MD5Update(&V_isn_ctx, (u_char *) &dst->addr,
+		MD5Update(&isn_ctx, (u_char *) &dst->addr,
 			  sizeof(struct in_addr));
-		MD5Update(&V_isn_ctx, (u_char *) &src->addr,
+		MD5Update(&isn_ctx, (u_char *) &src->addr,
 			  sizeof(struct in_addr));
 	}
-	MD5Update(&V_isn_ctx, (u_char *) &V_isn_secret, sizeof(V_isn_secret));
-	MD5Final((u_char *) &md5_buffer, &V_isn_ctx);
+	MD5Update(&isn_ctx, (u_char *) &isn_secret, sizeof(isn_secret));
+	MD5Final((u_char *) &md5_buffer, &isn_ctx);
 	new_isn = (tcp_seq) md5_buffer[0];
-	V_isn_offset += ISN_STATIC_INCREMENT +
+	isn_offset += ISN_STATIC_INCREMENT +
 		(arc4random() & ISN_RANDOM_INCREMENT);
-	new_isn += V_isn_offset;
+	new_isn += isn_offset;
 	return (new_isn);
 }
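Review bot: `isn_ctx` is a file-scope MD5 context that every call to pf_new_isn reinitializes and updates, so two overlapping calls would interleave their MD5Update input and produce an ISN hashed over mixed connection data; `isn_offset += ...` is likewise an unsynchronized read-modify-write. No locking is visible in this hunk, so this matters only if callers do not already serialize on a pf lock, which should be confirmed. Making the context local removes that shared state without changing the result: declare `MD5_CTX ctx;` in pf_new_isn and pass `&ctx` to MD5Init/MD5Update/MD5Final. The function starts above this hunk.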

