
Improve TCP timestamps

Authored by tuexen on Aug 8 2018, 11:21 PM.



TCP timestamps leak the uptime in milliseconds. To avoid this, initialise the TCP timestamp with a value of a keyed hash function, which takes the source and destination IP address and the source and destination port number.
Use the same keyed hash function as used for selecting the initial TCP sequence number.

Test Plan

Ensure that the TCP timestamp is increasing over multiple TCP connections using the same 4-tuple. Check this when using the syn cache and syn cookies.

Diff Detail

rS FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.
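
The scheme in the summary and the check in the test plan, modelled as an added example (not code from this revision or from FreeBSD). Keyed BLAKE2b stands in for the kernel's keyed hash, and the function names, secret and addresses are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

MASK32 = 0xFFFFFFFF

def ts_offset(secret, src, sport, dst, dport):
    """Per-4-tuple 32-bit offset. BLAKE2b in keyed mode is a stand-in hash."""
    msg = (ipaddress.ip_address(src).packed + struct.pack("!H", sport)
           + ipaddress.ip_address(dst).packed + struct.pack("!H", dport))
    return int.from_bytes(
        hashlib.blake2b(msg, key=secret, digest_size=4).digest(), "big")

def tsval(uptime_ms, offset):
    """TSval sent on the wire: millisecond clock plus offset, modulo 2**32."""
    return (uptime_ms + offset) & MASK32

def ts_after(a, b):
    """True when timestamp a is later than b in 32-bit serial arithmetic."""
    return 0 < ((a - b) & MASK32) < 0x80000000

def check_same_tuple(secret, tuple4, uptimes_ms):
    """Test-plan check: TSval must increase across successive connections
    that reuse one 4-tuple, because the offset is identical for all of them."""
    off = ts_offset(secret, *tuple4)
    vals = [tsval(u, off) for u in uptimes_ms]
    return all(ts_after(b, a) for a, b in zip(vals, vals[1:]))

if __name__ == "__main__":
    secret = bytes(range(16))                       # constructed sample key
    a = ("192.0.2.10", 50000, "198.51.100.5", 443)  # constructed 4-tuples
    b = ("192.0.2.10", 50001, "198.51.100.5", 443)
    uptime = 86_400_000                             # host up for one day
    for t in (a, b):
        off = ts_offset(secret, *t)
        print(t, "offset", off, "TSval", tsval(uptime, off))
    print("increasing on reuse:",
          check_same_tuple(secret, a, [uptime, uptime + 30_000]))
```

A peer sees a different TSval base for each 4-tuple, so a single observed value no longer equals the uptime, while differences on one connection still measure elapsed milliseconds.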