On Thu, 2016-08-18 at 14:48 +0200, Florian Westphal wrote:
> commit ceaa1fef65a7c2e ("tcp: adding a per-socket timestamp offset")
> added the main infrastructure that is needed for per-connection
> randomization, in particular writing/reading the on-wire tcp header
> format takes the offset into account so rest of stack can use normal
> tcp_time_stamp (jiffies).
>
> So only two items are left:
>  - add a tsoffset for request sockets
>  - extend the tcp isn generator to also return another 32bit number
>    in addition to the ISN.
>
> Re-use of ISN generator also means timestamps are still monotonically
> increasing for same connection quadruple.
>
> Signed-off-by: Florian Westphal <f...@strlen.de>
> ---
>  include/linux/tcp.h      |  1 +
>  include/net/secure_seq.h | 13 +++++++++----
>  include/net/tcp.h        |  2 +-
>  net/core/secure_seq.c    | 19 +++++++++++++------
>  net/ipv4/syncookies.c    |  1 +
>  net/ipv4/tcp_input.c     |  7 ++++++-
>  net/ipv4/tcp_ipv4.c      | 30 ++++++++++++++++++++----------
>  net/ipv4/tcp_minisocks.c |  4 +++-
>  net/ipv4/tcp_output.c    |  2 +-
>  net/ipv6/syncookies.c    |  1 +
>  net/ipv6/tcp_ipv6.c      | 28 ++++++++++++++++++----------
>  11 files changed, 74 insertions(+), 34 deletions(-)

It seems tcp_v4_reqsk_send_ack() and tcp_v6_reqsk_send_ack() were not taken into account. See commit 20a2b49fc5385 changelog packetdrill test showing the possible issue if the TS sent on an ACK in SYN_RECV state is wrong.
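
An added user-space sketch of the scheme discussed in this thread, not code from the patch or the kernel: one keyed hash of the connection quadruple yields both an ISN base and a 32-bit timestamp offset, the offset is added when writing TSval and removed when reading the echo, and an ACK built without the request socket's offset ends up shifted by that offset relative to the SYN-ACK. All `demo_*` names, the key and the addresses are constructed for illustration, and SipHash-2-4 is used here only as a stand-in keyed hash.

```c
/* Added illustration, not kernel code. All demo_* names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
	v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
	v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
	v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
	v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 over two 64-bit words; stand-in keyed hash for this sketch. */
static uint64_t demo_prf(const uint64_t k[2], uint64_t m0, uint64_t m1)
{
	uint64_t v0 = k[0] ^ 0x736f6d6570736575ULL, v1 = k[1] ^ 0x646f72616e646f6dULL;
	uint64_t v2 = k[0] ^ 0x6c7967656e657261ULL, v3 = k[1] ^ 0x7465646279746573ULL;
	uint64_t b = 16ULL << 56;	/* message length (16 bytes) in the top byte */
	v3 ^= m0; SIPROUND; SIPROUND; v0 ^= m0;
	v3 ^= m1; SIPROUND; SIPROUND; v0 ^= m1;
	v3 ^= b;  SIPROUND; SIPROUND; v0 ^= b;
	v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
	return v0 ^ v1 ^ v2 ^ v3;
}

struct demo_conn { uint32_t isn, tsoff; };
static const uint64_t demo_key[2] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL }; /* constructed secret */

/* One keyed hash of the quadruple gives both the ISN base and the TS offset. */
static struct demo_conn demo_isn_and_tsoff(const uint64_t key[2], uint32_t saddr,
		uint32_t daddr, uint16_t sport, uint16_t dport)
{
	uint64_t h = demo_prf(key, ((uint64_t)saddr << 32) | daddr,
			      ((uint64_t)sport << 16) | dport);
	return (struct demo_conn){ .isn = (uint32_t)h, .tsoff = (uint32_t)(h >> 32) };
}

/* Writing the header adds the offset; reading the echoed value removes it. */
static uint32_t demo_tsval_on_wire(uint32_t now, uint32_t tsoff) { return now + tsoff; }
static uint32_t demo_tsecr_to_local(uint32_t tsecr, uint32_t tsoff) { return tsecr - tsoff; }

int main(void)
{
	/* Constructed quadruple: 192.0.2.1:40000 -> 198.51.100.7:443 */
	struct demo_conn c = demo_isn_and_tsoff(demo_key, 0xc0000201, 0xc6336407, 40000, 443);
	uint32_t synack = demo_tsval_on_wire(1000, c.tsoff);	/* SYN-ACK at local time 1000 */
	printf("isn=%u tsoff=%u\n", c.isn, c.tsoff);
	printf("ACK with offset:    delta=%u\n", demo_tsval_on_wire(1010, c.tsoff) - synack);
	printf("ACK without offset: delta=%u\n", demo_tsval_on_wire(1010, 0) - synack);
	return 0;
}
```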