From: Eric Dumazet <eric.duma...@gmail.com>
Date: Fri, 05 May 2017 06:56:54 -0700

> From: Eric Dumazet <eduma...@google.com>
> 
> Whole point of randomization was to hide server uptime, but an attacker
> can simply start a syn flood and TCP generates 'old style' timestamps,
> directly revealing server jiffies value.
> 
> Also, TSval sent by the server to a particular remote address varies
> depending on syncookies being sent or not, potentially triggering PAWS
> drops for innocent clients.
> 
> Let's implement proper randomization, including for SYNcookies.
> 
> Also we do not need to export sysctl_tcp_timestamps, since it is not
> used from a module.
> 
> In v2, I added Florian's feedback and contribution, adding tsoff to
> tcp_get_cookie_sock().
> 
> v3 removed one unused variable in tcp_v4_connect() as Florian spotted.
> 
> Fixes: 95a22caee396c ("tcp: randomize tcp timestamp offsets for each connection")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reviewed-by: Florian Westphal <f...@strlen.de>
> Tested-by: Florian Westphal <f...@strlen.de>

Applied and queued up for -stable, thanks Eric.
