On Wed, 14 Mar 2001, Bret wrote:
> I think that some redesign by kernel developers is in
> order on this so that such information is not given out (no matter how
> useless it may appear), either by creating a new 'timestamp clock' for
> each TCP session (that uses timestamps) or by starting the timestamp clock
> off with some random number.
here's a patch for openbsd 2.8/7 that does the first option. it uses the
main 'clock' but starts off at zero. works for me on i386. tcpdump
reveals that it acts as it should, but confuses nmap when it gets 0
several times in a row. now you can only determine the length a
connection has been open, but you already know that. interoperates fine
with more 'standard' implementations.
caveats: unsure of what happens when timestamp overflows. also probably
has some minimal impact on performance.
--
Ted Unangst - [EMAIL PROTECTED] - http://heorot.stanford.edu/
"If you don't believe in the existence of evil, you have a lot to learn."
rfc1323.patch by Ted - [EMAIL PROTECTED]
Changes OpenBSD TCP/IP stack so that the RFC 1323 timestamp is set at
zero at the start of each connection. Makes it impossible to
determine uptime, except as concerns that one connection.
cd /sys/netinet
patch < /.../rfc1323.patch
and rebuild kernel
--- tcp_var.h.orig Thu Mar 15 18:26:39 2001
+++ tcp_var.h Thu Mar 15 18:27:11 2001
@@ -161,6 +161,8 @@
u_char rcv_scale; /* window scaling for recv window */
u_char request_r_scale; /* pending window scaling */
u_char requested_s_scale;
+ u_int32_t mytcp_now;
+ u_int32_t oldtcp_now;
u_int32_t ts_recent; /* timestamp echo data */
u_int32_t ts_recent_age; /* when last updated */
tcp_seq last_ack_sent;
--- tcp_input.c.orig Thu Mar 15 18:26:24 2001
+++ tcp_input.c Thu Mar 15 18:26:55 2001
@@ -104,6 +104,7 @@
int tcprexmtthresh = 3;
struct tcpiphdr tcp_saveti;
int tcptv_keep_init = TCPTV_KEEP_INIT;
+u_int32_t ts_temp;
extern u_long sb_max;
@@ -883,7 +884,10 @@
* Fix from Braden, see Stevens p. 870
*/
if (ts_present && SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
- tp->ts_recent_age = tcp_now;
+ ts_temp = tcp_now - tp->oldtcp_now;
+ tp->oldtcp_now = tcp_now;
+ tp->mytcp_now = ts_temp + tp->mytcp_now;
+ tp->ts_recent_age = tp->mytcp_now;
tp->ts_recent = ts_val;
}
@@ -897,7 +901,7 @@
*/
++tcpstat.tcps_predack;
if (ts_present)
- tcp_xmit_timer(tp, tcp_now-ts_ecr+1);
+ tcp_xmit_timer(tp, tp->mytcp_now-ts_ecr+1);
else if (tp->t_rtt &&
SEQ_GT(th->th_ack, tp->t_rtseq))
tcp_xmit_timer(tp, tp->t_rtt);
@@ -1015,7 +1019,6 @@
#ifdef INET6
register struct sockaddr_in6 *sin6;
#endif /* INET6 */
-
if (tiflags & TH_RST)
goto drop;
if (tiflags & TH_ACK)
@@ -1291,7 +1294,7 @@
TSTMP_LT(ts_val, tp->ts_recent)) {
/* Check to see if ts_recent is over 24 days old. */
- if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
+ if ((int)(tp->mytcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
/*
* Invalidate ts_recent. If this segment updates
* ts_recent, the age will be reset later and ts_recent
@@ -1412,7 +1415,10 @@
*/
if (ts_present && TSTMP_GEQ(ts_val, tp->ts_recent) &&
SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
- tp->ts_recent_age = tcp_now;
+ ts_temp = tcp_now - tp->oldtcp_now;
+ tp->oldtcp_now = tcp_now;
+ tp->mytcp_now = ts_temp + tp->mytcp_now;
+ tp->ts_recent_age = tp->mytcp_now;
tp->ts_recent = ts_val;
}
@@ -1733,7 +1739,7 @@
* Recompute the initial retransmit timer.
*/
if (ts_present)
- tcp_xmit_timer(tp, tcp_now-ts_ecr+1);
+ tcp_xmit_timer(tp, tp->mytcp_now-ts_ecr+1);
else if (tp->t_rtt && SEQ_GT(th->th_ack, tp->t_rtseq))
tcp_xmit_timer(tp,tp->t_rtt);
@@ -2214,7 +2220,9 @@
if (th->th_flags & TH_SYN) {
tp->t_flags |= TF_RCVD_TSTMP;
tp->ts_recent = *ts_val;
- tp->ts_recent_age = tcp_now;
+ tp->mytcp_now = 0;
+ tp->oldtcp_now = tcp_now;
+ tp->ts_recent_age = tp->mytcp_now;
}
break;
--- tcp_output.c.orig Thu Mar 15 18:26:32 2001
+++ tcp_output.c Thu Mar 15 18:27:03 2001
@@ -559,7 +559,7 @@
/* Form timestamp option as shown in appendix A of RFC 1323. */
*lp++ = htonl(TCPOPT_TSTAMP_HDR);
- *lp++ = htonl(tcp_now);
+ *lp++ = htonl(tp->mytcp_now);
*lp = htonl(tp->ts_recent);
optlen += TCPOLEN_TSTAMP_APPA;
}
