首页 发现 帮助
登录
GfA
/
linux_kernel
5
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

tcp: allow to turn tcp timestamp randomization off

Eric says: "By looking at tcpdump, and TS val of xmit packets of multiple
flows, we can deduct the relative qdisc delays (think of fq pacing).
This should work even if we have one flow per remote peer."

Having random per flow (or host) offsets doesn't allow that anymore so add
a way to turn this off.

Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Florian Westphal 8 年之前
父节点
95a22caee3
当前提交
25429d7b7d
共有 3 个文件被更改,包括 11 次插入4 次删除
合并视图 显示文件统计
  1. 7 2
      Documentation/networking/ip-sysctl.txt
  2. 3 2
      net/core/secure_seq.c
  3. 1 0
      net/ipv4/tcp_input.c

+ 7 - 2
Documentation/networking/ip-sysctl.txt
查看文件 

@@ -610,8 +610,13 @@ tcp_syn_retries - INTEGER
 
 	with the current initial RTO of 1second. With this the final timeout
 
 	with the current initial RTO of 1second. With this the final timeout
 
 	for an active TCP connection attempt will happen after 127seconds.
 
 	for an active TCP connection attempt will happen after 127seconds.
 
 
 
-tcp_timestamps - BOOLEAN
 
-	Enable timestamps as defined in RFC1323.
 
+tcp_timestamps - INTEGER
 
+Enable timestamps as defined in RFC1323.
 
+	0: Disabled.
 
+	1: Enable timestamps as defined in RFC1323 and use random offset for
 
+	each connection rather than only using the current time.
 
+	2: Like 1, but without random offsets.
 
+	Default: 1
 
 
 
 tcp_min_tso_segs - INTEGER
 
 tcp_min_tso_segs - INTEGER
 
 	Minimal number of segments per TSO frame.
 
 	Minimal number of segments per TSO frame.

+ 3 - 2
net/core/secure_seq.c
查看文件 

@@ -12,6 +12,7 @@
 
 #include <net/secure_seq.h>
 
 #include <net/secure_seq.h>
 
 
 
 #if IS_ENABLED(CONFIG_IPV6) || IS_ENABLED(CONFIG_INET)
 
 #if IS_ENABLED(CONFIG_IPV6) || IS_ENABLED(CONFIG_INET)
 
+#include <net/tcp.h>
 
 #define NET_SECRET_SIZE (MD5_MESSAGE_BYTES / 4)
 
 #define NET_SECRET_SIZE (MD5_MESSAGE_BYTES / 4)
 
 
 
 static u32 net_secret[NET_SECRET_SIZE] ____cacheline_aligned;
 
 static u32 net_secret[NET_SECRET_SIZE] ____cacheline_aligned;
 
@@ -58,7 +59,7 @@ u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr,
 
 
 
 	md5_transform(hash, secret);
 
 	md5_transform(hash, secret);
 
 
 
-	*tsoff = hash[1];
 
+	*tsoff = sysctl_tcp_timestamps == 1 ? hash[1] : 0;
 
 	return seq_scale(hash[0]);
 
 	return seq_scale(hash[0]);
 
 }
 
 }
 
 EXPORT_SYMBOL(secure_tcpv6_sequence_number);
 
 EXPORT_SYMBOL(secure_tcpv6_sequence_number);
 
@@ -100,7 +101,7 @@ u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
 
 
 
 	md5_transform(hash, net_secret);
 
 	md5_transform(hash, net_secret);
 
 
 
-	*tsoff = hash[1];
 
+	*tsoff = sysctl_tcp_timestamps == 1 ? hash[1] : 0;
 
 	return seq_scale(hash[0]);
 
 	return seq_scale(hash[0]);
 
 }
 
 }

+ 1 - 0
net/ipv4/tcp_input.c
查看文件 

@@ -85,6 +85,7 @@ int sysctl_tcp_dsack __read_mostly = 1;
 
 int sysctl_tcp_app_win __read_mostly = 31;
 
 int sysctl_tcp_app_win __read_mostly = 31;
 
 int sysctl_tcp_adv_win_scale __read_mostly = 1;
 
 int sysctl_tcp_adv_win_scale __read_mostly = 1;
 
 EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
 
 EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
 
+EXPORT_SYMBOL(sysctl_tcp_timestamps);
 
 
 
 /* rfc5961 challenge ack rate limiting */
 
 /* rfc5961 challenge ack rate limiting */
 
 int sysctl_tcp_challenge_ack_limit = 1000;
 
 int sysctl_tcp_challenge_ack_limit = 1000;