HomeFreeBSD

Don't expose the uptime via the TCP timestamps.

Description

Don't expose the uptime via the TCP timestamps.

The TCP client side or the TCP server side when not using SYN-cookies
used the uptime as the TCP timestamp value. This patch uses in all
cases an offset, which is the result of a keyed hash function taking
the source and destination addresses and port numbers into account.
The keyed hash function is the same a used for the initial TSN.

Reviewed by: rrs@
MFC after: 1 month
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D16636

Details

Committed
tuexenAug 19 2018, 2:56 PM
Differential Revision
D16636: Improve TCP timestamps
Parents
rS338052: libsa: Add lshrdi3.c for powerpc* and mips
Branches
Unknown
Tags
Unknown