author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2004-05-05 23:16:04 +0000 |
---|---|---|
committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2004-05-05 23:16:04 +0000 |
commit | 03fe38624159eac6e41dc6a190b5b866f9b76748 (patch) | |
tree | 5b58d58675b482a463883b257b61556403829b2a /sbin/pfctl/pfctl_parser.c | |
parent | 8f6a4f2e535871b3eafb365b6ebe1de3a4e5bc57 (diff) |
Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP
sequence numbers by taking advantage of the maximum 1KHz clock as an upper bound
on the timestamp. Typically gains 10 to 18 bits of additional security against
blind data insertion attacks. More if the TS Echo wasn't optional :-(
Enabled with: scrub on !lo0 all reassemble tcp
ok dhartmei@. documentation help from jmc@
Diffstat (limited to 'sbin/pfctl/pfctl_parser.c')
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index ad946bb7611..83d44c846e1 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.196 2004/04/24 23:22:54 cedric Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.197 2004/05/05 23:16:03 frantzen Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -183,6 +183,7 @@ const struct pf_timeout pf_timeouts[] = {
 { "tcp.closing", PFTM_TCP_CLOSING },
 { "tcp.finwait", PFTM_TCP_FIN_WAIT },
 { "tcp.closed", PFTM_TCP_CLOSED },
+{ "tcp.tsdiff", PFTM_TS_DIFF },
 { "udp.first", PFTM_UDP_FIRST_PACKET },
 { "udp.single", PFTM_UDP_SINGLE },
 { "udp.multiple", PFTM_UDP_MULTIPLE }, |
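Review bot: The new `{ "tcp.tsdiff", PFTM_TS_DIFF }` entry is placed among the TCP connection-state timeouts, but by the commit description it is a PAWS timestamp tolerance rather than a state expiry, and nothing at the entry says so; a one-line comment such as `/* tcp.tsdiff: PAWS timestamp window, not a connection-state timeout */` above it would keep readers from treating it like its neighbours. This table only maps the pf.conf name to the PFTM_TS_DIFF constant, so the constant's definition and any bounds on the configured value are presumably enforced in the kernel side of this change, not here — worth confirming when reviewing the matching pfvar.h/pf.c commit. The pf_timeouts[] array begins and ends outside this hunk.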