Differential D13755 Diff 37498 sys/contrib/ipfilter/netinet/ip_state.c

Changeset View

Standalone View

sys/contrib/ipfilter/netinet/ip_state.c

Show First 20 Lines • Show All 295 Lines • ▼ Show 20 Lines	if (softs->ipf_state_tune != NULL) {
ipf_tune_array_unlink(softc, softs->ipf_state_tune);		ipf_tune_array_unlink(softc, softs->ipf_state_tune);
KFREES(softs->ipf_state_tune, sizeof(ipf_state_tuneables));		KFREES(softs->ipf_state_tune, sizeof(ipf_state_tuneables));
softs->ipf_state_tune = NULL;		softs->ipf_state_tune = NULL;
}		}

KFREE(softs);		KFREE(softs);
}		}

		static void *
		ipf_state_seed_alloc(u_int state_size, u_int state_max)
		{
		u_int i;
		u_long *state_seed;
		KMALLOCS(state_seed, u_long , state_size sizeof(*state_seed));
		if (state_seed == NULL)
		return NULL;

		for (i = 0; i < state_size; i++) {
		/*
		* XXX - ipf_state_seed[X] should be a random number of sorts.
		*/
		#if FREEBSD_GE_REV(400000)
		delphijUnsubmitted Done Inline Actions Could you please change this to the old FreeBSD condition (#if FREEBSD_GE_REV(400000)) instead? The change as-is means in userland the seed would be predictable which may have bad consequences. delphij: Could you please change this to the old FreeBSD condition (#if FREEBSD_GE_REV(400000)) instead?
		cyAuthorUnsubmitted Done Inline Actions Done. The block should ultimately be removed but that's for a different revision. cy: Done. The block should ultimately be removed but that's for a different revision.
		state_seed[i] = arc4random();
		#else
		state_seed[i] = ((u_long)state_seed + i) * state_size;
		state_seed[i] ^= 0xa5a55a5a;
		state_seed[i] *= (u_long)state_seed;
		state_seed[i] ^= 0x5a5aa5a5;
		state_seed[i] *= state_max;
		#endif
		}
		return state_seed;
		}


/* ------------------------------------------------------------------------ */		/* ------------------------------------------------------------------------ */
/* Function: ipf_state_soft_init */		/* Function: ipf_state_soft_init */
/* Returns: int - 0 == success, -1 == failure */		/* Returns: int - 0 == success, -1 == failure */
/* Parameters: softc(I) - pointer to soft context main structure */		/* Parameters: softc(I) - pointer to soft context main structure */
/* arg(I) - pointer to local context to use */		/* arg(I) - pointer to local context to use */
/* */		/* */
/* Initialise the state soft context structure so it is ready for use. */		/* Initialise the state soft context structure so it is ready for use. */
/* This involves: */		/* This involves: */
Show All 15 Lines	ipf_state_soft_init(softc, arg)
KMALLOCS(softs->ipf_state_table,		KMALLOCS(softs->ipf_state_table,
ipstate_t *, softs->ipf_state_size sizeof(ipstate_t *));		ipstate_t *, softs->ipf_state_size sizeof(ipstate_t *));
if (softs->ipf_state_table == NULL)		if (softs->ipf_state_table == NULL)
return -1;		return -1;

bzero((char *)softs->ipf_state_table,		bzero((char *)softs->ipf_state_table,
softs->ipf_state_size * sizeof(ipstate_t *));		softs->ipf_state_size * sizeof(ipstate_t *));

KMALLOCS(softs->ipf_state_seed, u_long *,		softs->ipf_state_seed = ipf_state_seed_alloc(softs->ipf_state_size,
softs->ipf_state_size * sizeof(*softs->ipf_state_seed));		softs->ipf_state_max);
if (softs->ipf_state_seed == NULL)		if (softs->ipf_state_seed == NULL)
return -2;		return -2;

for (i = 0; i < softs->ipf_state_size; i++) {
/*
* XXX - ipf_state_seed[X] should be a random number of sorts.
*/
#if FREEBSD_GE_REV(400000)
softs->ipf_state_seed[i] = arc4random();
#else
softs->ipf_state_seed[i] = ((u_long)softs->ipf_state_seed + i) *
softs->ipf_state_size;
softs->ipf_state_seed[i] ^= 0xa5a55a5a;
softs->ipf_state_seed[i] *= (u_long)softs->ipf_state_seed;
softs->ipf_state_seed[i] ^= 0x5a5aa5a5;
softs->ipf_state_seed[i] *= softs->ipf_state_max;
#endif
}

KMALLOCS(softs->ipf_state_stats.iss_bucketlen, u_int *,		KMALLOCS(softs->ipf_state_stats.iss_bucketlen, u_int *,
softs->ipf_state_size * sizeof(u_int));		softs->ipf_state_size * sizeof(u_int));
if (softs->ipf_state_stats.iss_bucketlen == NULL)		if (softs->ipf_state_stats.iss_bucketlen == NULL)
return -3;		return -3;

bzero((char *)softs->ipf_state_stats.iss_bucketlen,		bzero((char *)softs->ipf_state_stats.iss_bucketlen,
softs->ipf_state_size * sizeof(u_int));		softs->ipf_state_size * sizeof(u_int));

▲ Show 20 Lines • Show All 4,889 Lines • ▼ Show 20 Lines
int		int
ipf_state_rehash(softc, t, p)		ipf_state_rehash(softc, t, p)
ipf_main_softc_t *softc;		ipf_main_softc_t *softc;
ipftuneable_t *t;		ipftuneable_t *t;
ipftuneval_t *p;		ipftuneval_t *p;
{		{
ipf_state_softc_t *softs = softc->ipf_state_soft;		ipf_state_softc_t *softs = softc->ipf_state_soft;
ipstate_t *newtab, is;		ipstate_t *newtab, is;
		u_long *newseed;
u_int *bucketlens;		u_int *bucketlens;
u_int maxbucket;		u_int maxbucket;
u_int newsize;		u_int newsize;
u_int hv;		u_int hv;
int i;		int i;

newsize = p->ipftu_int;		newsize = p->ipftu_int;
/*		/*
Show All 10 Lines	ipf_state_rehash(softc, t, p)

KMALLOCS(bucketlens, u_int , newsize sizeof(u_int));		KMALLOCS(bucketlens, u_int , newsize sizeof(u_int));
if (bucketlens == NULL) {		if (bucketlens == NULL) {
KFREES(newtab, newsize * sizeof(*softs->ipf_state_table));		KFREES(newtab, newsize * sizeof(*softs->ipf_state_table));
IPFERROR(100036);		IPFERROR(100036);
return ENOMEM;		return ENOMEM;
}		}

		newseed = ipf_state_seed_alloc(newsize, softs->ipf_state_max);
		if (newseed == NULL) {
		KFREES(bucketlens, newsize * sizeof(*bucketlens));
		KFREES(newtab, newsize * sizeof(*newtab));
		IPFERROR(100037);
		delphijUnsubmitted Not Done Inline Actions NO ACTION REQUESTED: Just curious, how were these values chosen? delphij: NO ACTION REQUESTED: Just curious, how were these values chosen?
		return ENOMEM;
		}

for (maxbucket = 0, i = newsize; i > 0; i >>= 1)		for (maxbucket = 0, i = newsize; i > 0; i >>= 1)
maxbucket++;		maxbucket++;
maxbucket *= 2;		maxbucket *= 2;

bzero((char )newtab, newsize sizeof(ipstate_t *));		bzero((char )newtab, newsize sizeof(ipstate_t *));
bzero((char )bucketlens, newsize sizeof(u_int));		bzero((char )bucketlens, newsize sizeof(u_int));

WRITE_ENTER(&softc->ipf_state);		WRITE_ENTER(&softc->ipf_state);

if (softs->ipf_state_table != NULL) {		if (softs->ipf_state_table != NULL) {
KFREES(softs->ipf_state_table,		KFREES(softs->ipf_state_table,
softs->ipf_state_size * sizeof(*softs->ipf_state_table));		softs->ipf_state_size * sizeof(*softs->ipf_state_table));
}		}
softs->ipf_state_table = newtab;		softs->ipf_state_table = newtab;

		if (softs->ipf_state_seed != NULL) {
		KFREES(softs->ipf_state_seed,
		softs->ipf_state_size * sizeof(*softs->ipf_state_seed));
		}
		softs->ipf_state_seed = newseed;

if (softs->ipf_state_stats.iss_bucketlen != NULL) {		if (softs->ipf_state_stats.iss_bucketlen != NULL) {
KFREES(softs->ipf_state_stats.iss_bucketlen,		KFREES(softs->ipf_state_stats.iss_bucketlen,
softs->ipf_state_size * sizeof(u_int));		softs->ipf_state_size * sizeof(u_int));
}		}
softs->ipf_state_stats.iss_bucketlen = bucketlens;		softs->ipf_state_stats.iss_bucketlen = bucketlens;
softs->ipf_state_maxbucket = maxbucket;		softs->ipf_state_maxbucket = maxbucket;
softs->ipf_state_size = newsize;		softs->ipf_state_size = newsize;
▲ Show 20 Lines • Show All 67 Lines • Show Last 20 Lines