TCP timestamps leak the uptime in milliseconds. To avoid this, initialise the TCP timestamp with a value of a keyed hash function, which takes the source and destination IP address and the source and destination port number.
Use the same keyed hash function as used for selecting the initial TCP sequence number.
Details
Details
- Reviewers
jtl jason_eggnet.com rrs kbowling - Group Reviewers
transport - Commits
- rS348435: MFC r338053:
rS338053: Don't expose the uptime via the TCP timestamps.
Ensure that the TCP timestamp is increasing over multiple TCP connections using the same 4 tuple. Check this when using the syn cache and syn cookies.
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Skipped - Unit
Tests Skipped - Build Status
Buildable 18656