On Fri, 2017-05-05 at 02:32 +0200, Florian Westphal wrote:
> Florian Westphal wrote:
> [..]
> > This breaks syncookies w. timestamps; cookie_timestamp_decode() lacks a
> > tsoff
> > for readjustment.
> >
> > We also need to pass the (recomputed) tsoff to tcp_get_cookie_sock().
>
> This small de
Florian Westphal wrote:
[..]
> This breaks syncookies w. timestamps; cookie_timestamp_decode() lacks a tsoff
> for readjustment.
>
> We also need to pass the (recomputed) tsoff to tcp_get_cookie_sock().
This small delta makes things work for me:
diff --git a/include/net/tcp.h b/include/net/tcp.
Eric Dumazet wrote:
> From: Eric Dumazet
>
> Whole point of randomization was to hide server uptime, but an attacker
> can simply start a syn flood and TCP generates 'old style' timestamps,
> directly revealing server jiffies value.
>
> Also, TSval sent by the server to a particular remote addr
From: Eric Dumazet
Whole point of randomization was to hide server uptime, but an attacker
can simply start a syn flood and TCP generates 'old style' timestamps,
directly revealing server jiffies value.
Also, TSval sent by the server to a particular remote address vary depending
on syncookies be
