author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-10-28 19:22:53 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-10-28 19:22:53 +0000 |
commit | 5934ef20e7d9019051b7e9d3f25e36ead92f8791 (patch) | |
tree | 98a6cb3a2be50f0db0f337519206e87daf080cb5 | |
parent | 4ef3a811e16d4f7ac602c3d973f4f8145ccf64e3 (diff) |
Modulate tcp_now by a random amount on a per-connection basis.
ok markus@ frantzen@
-rw-r--r-- | sys/netinet/tcp_input.c | 10 | ||||
-rw-r--r-- | sys/netinet/tcp_output.c | 4 | ||||
-rw-r--r-- | sys/netinet/tcp_subr.c | 3 | ||||
-rw-r--r-- | sys/netinet/tcp_usrreq.c | 9 | ||||
-rw-r--r-- | sys/netinet/tcp_var.h | 4 |
5 files changed, 22 insertions, 8 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 68b04e37a04..57fc27065f6 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.176 2004/09/22 21:33:53 deraadt Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.177 2004/10/28 19:22:52 mcbride Exp $ */
 /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
 
 /*
@@ -932,6 +932,10 @@ after_listen:
 if (tcp_dooptions(tp, optp, optlen, th, m, iphlen, &opti))
 goto drop;
 
+ /* subtract out the tcp timestamp modulator */
+ if (opti.ts_present)
+ opti.ts_ecr -= tp->ts_modulate;
+
 #ifdef TCP_SACK
 if (tp->sack_enable) {
 tp->rcv_laststart = th->th_seq; /* last rec'vd segment*/
@@ -3235,7 +3239,7 @@ do { \
 timeout_add(&(sc)->sc_timer, (sc)->sc_rxtcur * (hz / PR_SLOWHZ)); \
 } while (/*CONSTCOND*/0)
 
-#define SYN_CACHE_TIMESTAMP(sc) tcp_now
+#define SYN_CACHE_TIMESTAMP(sc) tcp_now + (sc)->sc_modulate
 
 void
 syn_cache_init()
@@ -3659,6 +3663,7 @@ syn_cache_get(src, dst, th, hlen, tlen, so, m)
 tp->sack_enable = sc->sc_flags & SCF_SACK_PERMIT;
 #endif
 
+ tp->ts_modulate = sc->sc_modulate;
 tp->iss = sc->sc_iss;
 tp->irs = sc->sc_irs;
 tcp_sendseqinit(tp);
@@ -4114,6 +4119,7 @@ syn_cache_respond(sc, m)
 u_int32_t *lp = (u_int32_t *)(optp);
 /* Form timestamp option as shown in appendix A of RFC 1323. */
 *lp++ = htonl(TCPOPT_TSTAMP_HDR);
+ sc->sc_modulate = arc4random();
 *lp++ = htonl(SYN_CACHE_TIMESTAMP(sc));
 *lp = htonl(sc->sc_timestamp);
 optp += TCPOLEN_TSTAMP_APPA;
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c
index 3d738e01fa5..2c8fe2236b9 100644
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_output.c,v 1.73 2004/10/06 14:33:07 markus Exp $ */
+/* $OpenBSD: tcp_output.c,v 1.74 2004/10/28 19:22:52 mcbride Exp $ */
 /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */
 
 /*
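Review bot: In the `after_listen:` hunk of tcp_input.c, `opti.ts_ecr -= tp->ts_modulate;` runs whenever a timestamp option is present, so a segment carrying an echo reply of 0 leaves this block with a non-zero ts_ecr. If code further down, outside this hunk, treats `ts_ecr == 0` as "nothing was echoed", that test stops firing and an RTT sample could be taken from a meaningless value. Consider guarding with `if (opti.ts_present && opti.ts_ecr)`, or state in the comment that zero no longer has a special meaning after this point.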
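Review bot: The new body of `SYN_CACHE_TIMESTAMP(sc)` is an unparenthesised sum, so a use next to a tighter-binding operator (a multiplication, a cast, a subtraction on the left) would group differently from what the name suggests. The one use visible on this page sits directly inside `htonl(...)`, which is safe, but the macro should not depend on that: `#define SYN_CACHE_TIMESTAMP(sc) (tcp_now + (sc)->sc_modulate)`.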
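Review bot: `sc->sc_modulate = arc4random();` in the syn_cache_respond() hunk draws a fresh modulator every time a SYN-ACK is built. If this function is also the path that retransmits a SYN-ACK (its callers are outside the hunk, so this is an assumption to confirm), an ACK echoing the timestamp of an earlier copy is later demodulated with the last value drawn, through `tp->ts_modulate = sc->sc_modulate` in syn_cache_get(), and the resulting ts_ecr is off by a random amount. Drawing the value once where the cache entry is created and only reading it here would keep the sent and expected timestamps consistent. The function body extends beyond the hunk on both sides.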
@@ -594,7 +594,7 @@ send:
 
 /* Form timestamp option as shown in appendix A of RFC 1323. */
 *lp++ = htonl(TCPOPT_TSTAMP_HDR);
- *lp++ = htonl(tcp_now);
+ *lp++ = htonl(tcp_now + tp->ts_modulate);
 *lp = htonl(tp->ts_recent);
 optlen += TCPOLEN_TSTAMP_APPA;
 }
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index f7bf150e24a..0070c1824e0 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_subr.c,v 1.83 2004/08/10 20:04:55 markus Exp $ */
+/* $OpenBSD: tcp_subr.c,v 1.84 2004/10/28 19:22:52 mcbride Exp $ */
 /* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */
 
 /*
@@ -182,7 +182,6 @@ tcp_init()
 NULL);
 #endif /* TCP_SACK */
 in_pcbinit(&tcbtable, tcbhashsize);
- tcp_now = arc4random() / 2;
 
 #ifdef INET6
 /*
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 1986d923a83..6fe4e2814ca 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_usrreq.c,v 1.86 2004/07/15 15:27:22 markus Exp $ */
+/* $OpenBSD: tcp_usrreq.c,v 1.87 2004/10/28 19:22:52 mcbride Exp $ */
 /* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */
 
 /*
@@ -79,6 +79,8 @@
 #include <sys/domain.h>
 #include <sys/kernel.h>
 
+#include <dev/rndvar.h>
+
 #include <net/if.h>
 #include <net/route.h>
 
@@ -319,6 +321,11 @@ tcp_usrreq(so, req, m, nam, control) } so->so_state |= SS_CONNECTOUT; + /* initialise the timestamp modulator */ + if (tp->t_flags & TF_REQ_TSTMP) + tp->ts_modulate = arc4random(); + /* Compute window scaling to request. */ tcp_rscale(tp, so->so_rcv.sb_hiwat);
diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h
index fa57d5f4f02..9eb1dc3c0e4 100644
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_var.h,v 1.66 2004/09/16 13:14:28 markus Exp $ */
+/* $OpenBSD: tcp_var.h,v 1.67 2004/10/28 19:22:52 mcbride Exp $ */
 /* $NetBSD: tcp_var.h,v 1.17 1996/02/13 23:44:24 christos Exp $ */
 
 /*
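Review bot: `htonl(tcp_now + tp->ts_modulate)` in the `send:` hunk of tcp_output.c covers only this one place where a timestamp option is written, while the same commit removes the boot-time randomisation `tcp_now = arc4random() / 2;` from tcp_init(). Any other code that puts tcp_now into a timestamp option without adding the modulator would from now on emit the unrandomised counter; none is visible on this page, so this needs a search of the tree rather than a change here. A short comment at this line naming the input-side counterpart, for example `/* ts_modulate is subtracted again from ts_ecr in tcp_input() */`, would help keep the two sides in step. The enclosing block starts outside the hunk.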
@@ -170,6 +170,7 @@ struct tcpcb {
 u_char request_r_scale; /* pending window scaling */
 u_char requested_s_scale;
 u_int32_t ts_recent; /* timestamp echo data */
+ u_int32_t ts_modulate; /* modulation on timestamp */
 u_int32_t ts_recent_age; /* when last updated */
 tcp_seq last_ack_sent;
 
@@ -249,6 +250,7 @@ struct syn_cache {
 int sc_bucketidx; /* our bucket index */
 u_int32_t sc_hash;
 u_int32_t sc_timestamp; /* timestamp from SYN */
+ u_int32_t sc_modulate; /* our timestamp modulator */
 #if 0
 u_int32_t sc_timebase; /* our local timebase */
 #endif
|
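Review bot: The comments on the new fields, `/* modulation on timestamp */` in struct tcpcb and `/* our timestamp modulator */` in struct syn_cache, do not say in which direction the value is applied or which timestamps it touches. Going by the other files in this commit it is added to tcp_now when a timestamp is sent and subtracted from the echoed ts_ecr on receive, while ts_recent keeps the peer's value unchanged. I would state that on the field, e.g. `/* random offset: added to tcp_now on output, removed from ts_ecr on input */`, and use the same wording for sc_modulate. Both struct definitions extend beyond their hunks.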