CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	tuexen <tuexen@FreeBSD.org>
	Thu, 30 May 2019 16:32:18 +0000 (16:32 +0000)
committer	tuexen <tuexen@FreeBSD.org>
	Thu, 30 May 2019 16:32:18 +0000 (16:32 +0000)
commit	449a8800ab0d4c63fea9fea4bacd179077f028ad
tree	e2ecdd555310d691550c08b72ebd05ae8a304d62	tree \| snapshot
parent	e92d7e7e2db67b607e3aedde21cf1e738ee2ec70	commit \| diff

MFC r338053:

Don't expose the uptime via the TCP timestamps.

The TCP client side or the TCP server side when not using SYN-cookies
used the uptime as the TCP timestamp value. This patch uses in all
cases an offset, which is the result of a keyed hash function taking
the source and destination addresses and port numbers into account.
The keyed hash function is the same a used for the initial TSN.

The use of
VNET_DEFINE_STATIC(u_char, ts_offset_secret[32]);
had to be replaced by
VNET_DEFINE(u_char, ts_offset_secret[32]);

MFC r348290:

When an ACK segment as the third message of the three way handshake is
received and support for time stamps was negotiated in the SYN/SYNACK
exchange, perform the PAWS check and only expand the syn cache entry if
the check is passed.
Without this check, endpoints may get stuck on the incomplete queue.

Reviewed by: jtl@, rrs@
Approved by: re (kib@))
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D16636
Differential Revision: https://reviews.freebsd.org/D20374

sys/netinet/tcp_subr.c		diff \| blob \| history
sys/netinet/tcp_syncache.c		diff \| blob \| history
sys/netinet/tcp_usrreq.c		diff \| blob \| history
sys/netinet/tcp_var.h		diff \| blob \| history