Eric Dumazet <[email protected]> wrote: > From: Eric Dumazet <[email protected]> > > Whole point of randomization was to hide server uptime, but an attacker > can simply start a syn flood and TCP generates 'old style' timestamps, > directly revealing server jiffies value. > > Also, TSval sent by the server to a particular remote address vary > depending on syncookies being sent or not, potentially triggering PAWS > drops for innocent clients. > > Lets implement proper randomization, including for SYNcookies.
Thanks a lot Eric, this works for me (I also tested ipv6 this time ;) ) Minor nit: net/ipv4/tcp_ipv4.c:154:6: warning: unused variable 'seq' [-Wunused-variable] Other than this: Reviewed-by: Florian Westphal <[email protected]> Tested-by: Florian Westphal <[email protected]>
