tcp_ipv6.c

  • tcp: randomize timestamps on syncookies · 84b114b9
    Eric Dumazet authored
    
    Whole point of randomization was to hide server uptime, but an attacker
    can simply start a syn flood and TCP generates 'old style' timestamps,
    directly revealing server jiffies value.
    
    Also, TSval sent by the server to a particular remote address varies
    depending on syncookies being sent or not, potentially triggering PAWS
    drops for innocent clients.
    
    Let's implement proper randomization, including for SYNcookies.
    
    Also we do not need to export sysctl_tcp_timestamps, since it is not
    used from a module.
    
    In v2, I added Florian's feedback and contribution, adding tsoff to
    tcp_get_cookie_sock().
    
    v3 removed one unused variable in tcp_v4_connect() as Florian spotted.
    
    Fixes: 95a22cae ("tcp: randomize tcp timestamp offsets for each connection")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reviewed-by: Florian Westphal <fw@strlen.de>
    Tested-by: Florian Westphal <fw@strlen.de>
    Cc: Yuchung Cheng <ycheng@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
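
A simplified model of the two problems the commit message describes (raw-clock TSvals on the syncookie path, and TSvals that jump backwards for one remote address), added here as an illustration; it is not kernel code and not part of the commit. The names `server_tsval`, `paws_ok` and `replay`, the tick values and the offset are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

struct syn_event { uint32_t clock; int syncookie; }; /* server tick, cookie mode */

/* TSval in the server's SYN-ACK. fixed == 0: the syncookie path sends the raw
 * clock ("old style"); fixed == 1: both paths add the same offset. */
static uint32_t server_tsval(const struct syn_event *e, uint32_t tsoff, int fixed)
{
    return (e->syncookie && !fixed) ? e->clock : e->clock + tsoff;
}

/* PAWS-style test, modulo 2^32: a TSval older than the last one is rejected. */
static int paws_ok(uint32_t ts_recent, uint32_t tsval)
{
    return (int32_t)(tsval - ts_recent) >= 0;
}

/* Replay events as seen from one remote address. Returns the number of PAWS
 * rejections; *leaks counts replies whose TSval equals the raw clock. */
static int replay(const struct syn_event *ev, int n, uint32_t tsoff,
                  int fixed, int *leaks)
{
    uint32_t ts_recent = 0;
    int drops = 0;
    *leaks = 0;
    for (int i = 0; i < n; i++) {
        uint32_t tsval = server_tsval(&ev[i], tsoff, fixed);
        *leaks += (tsval == ev[i].clock);
        if (i > 0 && !paws_ok(ts_recent, tsval))
            drops++;            /* rejected: ts_recent is not updated */
        else
            ts_recent = tsval;
    }
    return drops;
}

/* Constructed sample: normal SYN, two SYNs answered with cookies, normal SYN. */
static const struct syn_event sample[] = { {500000, 0}, {500250, 1}, {500500, 1}, {500750, 0} };
#define SAMPLE_TSOFF 0x12345678u /* constructed per-peer offset */

int main(void)
{
    int leaks, drops = replay(sample, 4, SAMPLE_TSOFF, 0, &leaks);
    printf("before: %d PAWS drops, %d raw-clock TSvals\n", drops, leaks);
    drops = replay(sample, 4, SAMPLE_TSOFF, 1, &leaks);
    printf("after:  %d PAWS drops, %d raw-clock TSvals\n", drops, leaks);
    return 0;
}
```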