git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 1 Dec 2016 10:32:06 +0000 (11:32 +0100)
committer	David S. Miller <davem@davemloft.net>
	Fri, 2 Dec 2016 17:49:59 +0000 (12:49 -0500)
commit	6d22703b350fdc23377aecc8092051a80d01b070
tree	ba58ca9c85a73dc887096d8123d199b3d28a705c	tree \| snapshot
parent	485bf17a0b1f574880b8a15c7fdc38e1cac0e09e	commit \| diff

tcp: randomize tcp timestamp offsets for each connection

jiffies based timestamps allow for easy inference of number of devices
behind NAT translators and also makes tracking of hosts simpler.

commit 7072c2419efaa0d ("tcp: adding a per-socket timestamp offset")
added the main infrastructure that is needed for per-connection ts
randomization, in particular writing/reading the on-wire tcp header
format takes the offset into account so rest of stack can use normal
tcp_time_stamp (jiffies).

So only two items are left:
- add a tsoffset for request sockets
- extend the tcp isn generator to also return another 32bit number
in addition to the ISN.

Re-use of ISN generator also means timestamps are still monotonically
increasing for same connection quadruple, i.e. PAWS will still work.

Includes fixes from Eric Dumazet.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/tcp.h		diff \| blob \| history
include/net/secure_seq.h		diff \| blob \| history
include/net/tcp.h		diff \| blob \| history
net/core/secure_seq.c		diff \| blob \| history
net/ipv4/syncookies.c		diff \| blob \| history
net/ipv4/tcp_input.c		diff \| blob \| history
net/ipv4/tcp_ipv4.c		diff \| blob \| history
net/ipv4/tcp_minisocks.c		diff \| blob \| history
net/ipv4/tcp_output.c		diff \| blob \| history
net/ipv6/syncookies.c		diff \| blob \| history
net/ipv6/tcp_ipv6.c		diff \| blob \| history