On Fri, 2016-08-26 at 01:46 +0200, Florian Westphal wrote:
> Wrt. making randomization optional:
>
> Would you go for another sysctl or should I just change
> secure_tcpvX_sequence_number to check for tcp_timestamps == 2 mode?
>
> *tsoff = sysctl_tcp_timestamps == 2 ? hash[1] : 0;

I've not yet looked at your "add tcp_timestamps=2 mode to force tsecr
validation on ofo segments" patch. It looks a bit scary to me :(

I would rather have a separate sysctl, or maybe a per route attribute.
Note that this could be done later.

>
> Could also use a static key but I don't think it's worth it vs. md5 cost.
> What do you think?

A static key won't help a lot I think ;)