
Improve TCP timestamps
Closed, Public

Authored by tuexen on Aug 8 2018, 11:21 PM.

Details

Summary

TCP timestamps leak the uptime in milliseconds. To avoid this, initialise the TCP timestamp with a value of a keyed hash function, which takes the source and destination IP address and the source and destination port number.
Use the same keyed hash function as used for selecting the initial TCP sequence number.

Test Plan

Ensure that the TCP timestamp is increasing over multiple TCP connections using the same 4-tuple. Check this when using the syn cache and syn cookies.
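The scheme in the summary and the property in the test plan, as an added Python sketch that is not part of this revision or of the FreeBSD source. BLAKE2s in keyed mode stands in for the stack's keyed hash, and the function names, the secret and the addresses are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

MASK32 = 0xFFFFFFFF

def ts_offset(secret, src_ip, dst_ip, src_port, dst_port):
    """32-bit per-connection offset: keyed hash over the 4-tuple.
    BLAKE2s is an assumption here, not the hash FreeBSD uses."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HH", src_port, dst_port))
    digest = hashlib.blake2s(msg, key=secret, digest_size=4).digest()
    return int.from_bytes(digest, "big")

def tsval(uptime_ms, offset=0):
    """TSval put on the wire; offset=0 models the old behaviour (raw uptime)."""
    return (uptime_ms + offset) & MASK32

def ts_newer(a, b):
    """True if a is later than b in 32-bit serial arithmetic (wrap-safe)."""
    return a != b and ((a - b) & MASK32) < 0x80000000

# Constructed sample data; a real stack draws the secret at random.
SECRET = bytes(range(32))
CONN_A = ("192.0.2.10", "198.51.100.7", 49152, 443)
CONN_B = ("192.0.2.10", "198.51.100.7", 49153, 443)

def demo():
    up1, up2 = 86_400_000, 86_460_000   # uptime at two connection attempts, ms
    off_a = ts_offset(SECRET, *CONN_A)
    off_b = ts_offset(SECRET, *CONN_B)
    first, second = tsval(up1, off_a), tsval(up2, off_a)
    return {
        # Old behaviour: the peer reads the uptime straight from TSval.
        "legacy_tsval_is_uptime": tsval(up1) == up1,
        # New behaviour: TSval no longer equals the uptime.
        "offset_hides_uptime": first != up1,
        # Test plan: same 4-tuple, later connection, timestamp still increases.
        "same_tuple_increasing": ts_newer(second, first),
        # The clock rate seen by the peer is unchanged.
        "delta_preserved": ((second - first) & MASK32) == up2 - up1,
        # Different 4-tuples get unrelated offsets.
        "offsets_differ": off_a != off_b,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because the offset depends only on the secret and the 4-tuple, a reused 4-tuple keeps the same offset and the timestamp stays monotonic; the comparison is done in serial arithmetic because adding the offset can wrap the 32-bit value.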

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

tuexen created this revision. Aug 8 2018, 11:21 PM
rrs accepted this revision. Aug 9 2018, 10:11 AM
This revision is now accepted and ready to land. Aug 9 2018, 10:11 AM
This revision was automatically updated to reflect the committed changes.