From: Eric Dumazet <dada1@cosmosbay.com>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, ilpo.jarvinen@helsinki.fi
Subject: Re: [RFC] tcp: allow timestamps even if SYN packet has tsval=0
Date: Wed, 11 Mar 2009 16:00:02 +0100 [thread overview]
Message-ID: <49B7D1F2.5090504@cosmosbay.com> (raw)
In-Reply-To: <20090311.064710.255854254.davem@davemloft.net>
David Miller a écrit :
> From: Eric Dumazet <dada1@cosmosbay.com>
> Date: Wed, 11 Mar 2009 13:17:54 +0100
>
>> So apparently WindowsXP sends a NULL tsval in SYN packet, then
>> subsequent packets get a real value (60498) in this case.
>>
>> This seems to work on other OS as well, so is the following patch
>> considered evil ? Do we have security concerns or only risking
>> windows client to have slightly wrong rtt estimation at the begining
>> of the tcp session ?
>
> I think we'll have to accept this.
>
> I don't see other systems blocking initial ts_ecn values of
> zero like we do.
ts_ecn ? You meant tsval ?
OK, here is a patch against net-next-2.6 with a Changelog and Signoff then.
Thank you
[PATCH] tcp: allow timestamps even if SYN packet has tsval=0
Some systems send SYN packets with apparently wrong RFC1323 timestamp
option values [timestamp tsval=0 tsecr=0].
It might be for security reasons (http://www.secuobs.com/plugs/25220.shtml )
Linux TCP stack ignores this option and sends back a SYN+ACK packet
without timestamp option, thus many TCP flows cannot use timestamps
and lose some benefit of RFC1323.
Other operating systems seem to not care about initial tsval value, and let
tcp flows to negotiate timestamp option.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
---
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index cf74c41..4a55854 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1226,15 +1226,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
if (want_cookie && !tmp_opt.saw_tstamp)
tcp_clear_options(&tmp_opt);
- if (tmp_opt.saw_tstamp && !tmp_opt.rcv_tsval) {
- /* Some OSes (unknown ones, but I see them on web server, which
- * contains information interesting only for windows'
- * users) do not send their stamp in SYN. It is easy case.
- * We simply do not advertise TS support.
- */
- tmp_opt.saw_tstamp = 0;
- tmp_opt.tstamp_ok = 0;
- }
tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
tcp_openreq_init(req, &tmp_opt, skb);
next prev parent reply other threads:[~2009-03-11 15:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-11 12:17 [RFC] tcp: allow timestamps even if SYN packet has tsval=0 Eric Dumazet
2009-03-11 13:47 ` David Miller
2009-03-11 15:00 ` Eric Dumazet [this message]
2009-03-11 16:24 ` David Miller
2009-03-12 7:26 ` Ilpo Järvinen
2009-03-13 21:25 ` David Miller
2009-03-14 8:22 ` Ilpo Järvinen
2009-03-14 9:31 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49B7D1F2.5090504@cosmosbay.com \
--to=dada1@cosmosbay.com \
--cc=davem@davemloft.net \
--cc=ilpo.jarvinen@helsinki.fi \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).