Author: hiren Date: Fri Jan 30 17:29:07 2015 New Revision: 277938 URL: https://svnweb.freebsd.org/changeset/base/277938
Log: Make syncookie_mac() use 'tcp_seq irs' in computing hash. This fixes what seems like a simple oversight when the function was added in r253210. Reported by: Daniel Borkmann <[email protected]> Florian Westphal <[email protected]> Differential Revision: https://reviews.freebsd.org/D1628 Reviewed by: gnn MFC after: 1 month Sponsored by: Limelight Networks Modified: head/sys/netinet/tcp_syncache.c Modified: head/sys/netinet/tcp_syncache.c ============================================================================== --- head/sys/netinet/tcp_syncache.c Fri Jan 30 15:42:52 2015 (r277937) +++ head/sys/netinet/tcp_syncache.c Fri Jan 30 17:29:07 2015 (r277938) @@ -1742,6 +1742,7 @@ syncookie_mac(struct in_conninfo *inc, t } SipHash_Update(&ctx, &inc->inc_fport, sizeof(inc->inc_fport)); SipHash_Update(&ctx, &inc->inc_lport, sizeof(inc->inc_lport)); + SipHash_Update(&ctx, &irs, sizeof(irs)); SipHash_Update(&ctx, &flags, sizeof(flags)); SipHash_Update(&ctx, &secmod, sizeof(secmod)); SipHash_Final((u_int8_t *)&siphash, &ctx); _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "[email protected]"
