If syncookies are disabled (net.inet.tcp.syncookies) then use the faster

arc4random() routine to generate ISNs instead of creating them with MD5(). Suggested by: silby
2001-12-21 04:41:08 +00:00 · 2001-12-21 04:41:08 +00:00 · 87be243fa6
commit 87be243fa6
parent d39f9b4517
2 changed files with 5 additions and 1 deletions
--- a/sys/netinet/tcp_debug.c
+++ b/sys/netinet/tcp_debug.c
@ -55,6 +55,7 @@
 #include <sys/protosw.h>
 #include <sys/socket.h>

+#include <net/route.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@ -900,7 +900,10 @@ syncache_add(inc, to, th, sop, m)
 		sc->sc_route.ro_rt = NULL;
 	}
 	sc->sc_irs = th->th_seq;
-	sc->sc_iss = syncookie_generate(sc);
+	if (tcp_syncookies)
+		sc->sc_iss = syncookie_generate(sc);
+	else
+		sc->sc_iss = arc4random();

 	/* Initial receive window: clip sbspace to [0 .. TCP_MAXWIN] */
 	win = sbspace(&so->so_rcv);