tech-net archive
Re: TCP timestamp starting value (wa: A strange TCP timestamp problem?)
In article <20160720164353.GT43747%trav.math.uni-bonn.de@localhost>,
Edgar Fuß <ef%math.uni-bonn.de@localhost> wrote:
>
>With TCP timestamps enabled, NetBSD counts them (at 2Hz) starting from 1 for
>each connection individually. While this behaviour is in perfect accordance
>with the RFC, existing peers (in our case, some IBM load balancing software)
>seem to get upset either by repeatedly seeing value 1 from the same IP address
>(perhaps regarding this as some form of attack), or by seeing decreasing
>timestamps from one IP address. In our case, the peer seems, after some grace
>period, to discard SYN packets, causing the three-way handshake to take
>6 seconds.
>The starting value of 1 was chosen (over some form of uptime as other OSes do)
>in order not to leak any information about the system's uptime. The same can
>be achieved by using something proportional to real time.
>The attached patch implements that (with an arbitrary offset to prevent
>near-time 32-bit-overflow). The same could be achieved, of course, by simply
>sampling real time at TCP stack initialization; however, the suggested patch
>is less intrusive and would allow for run-time tweaking.
>
>The patch made our problem disappear.
>
>Any objections or suggestions?
I would create a gettimebase() function instead of duplicating the code.
I would also create a sysctl to enable this behavior.
christos
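The following is an added example, not NetBSD's code and not the patch attached to the quoted message (the patch itself is not on this page). It models the two starting-value policies discussed in the thread: the current per-connection start at 1, and a base derived from real time at the 2 Hz tick rate plus a fixed offset. The gettimebase() name and the tcp_ts_realtime knob follow the reply's suggestion but are assumptions about how a sysctl-switchable version might look; the offset value 0x60000000 is hypothetical, the message only says "an arbitrary offset". The constructed scenario shows what a peer that tracks the latest TSval per source address sees when a second connection from the same host opens after the first has been sending for a while, and a second helper shows how the offset shifts the moment the 32-bit value wraps.

```c
/* Added example: TCP timestamp starting-value policies. Not NetBSD code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define TCP_TS_HZ 2u               /* the message states NetBSD ticks TCP timestamps at 2 Hz */
#define TCP_TS_OFFSET 0x60000000u  /* hypothetical "arbitrary offset"; the patch's constant is not on the page */

/* Hypothetical sysctl knob, as suggested in the reply:
 * 0 keeps the per-connection start at 1, 1 derives the start from real time. */
int tcp_ts_realtime = 1;

/* Timestamp base for a new connection. now_sec is passed in explicitly so the
 * function is deterministic and testable; the truncation to 32 bits is intended. */
uint32_t tcp_ts_base(int realtime, uint64_t now_sec)
{
    if (!realtime)
        return 1;                                        /* current NetBSD behaviour */
    return (uint32_t)(now_sec * TCP_TS_HZ + TCP_TS_OFFSET);
}

/* Hypothetical gettimebase(): one place that reads the knob and the clock,
 * instead of duplicating the computation at each call site. */
uint32_t gettimebase(void)
{
    return tcp_ts_base(tcp_ts_realtime, (uint64_t)time(NULL));
}

/* TSval carried on a segment sent `ticks` slow-ticks after the connection opened. */
uint32_t tcp_ts_value(uint32_t base, uint32_t ticks)
{
    return base + ticks;                                 /* wraps mod 2^32 by design */
}

/* Modular "a precedes b" comparison from RFC 7323 (TSTMP_LT in the BSD stacks).
 * Correct across the 32-bit wrap as long as the two values are less than 2^31 apart. */
bool tcp_ts_lt(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) < 0;
}

/* Constructed scenario: connection A from one host opens at wall-clock second t0
 * and sends for 30 s (60 ticks); connection B from the same host opens 30 s later.
 * Returns true if a peer tracking the latest TSval per source address sees B's
 * first value at or after A's last one. */
bool peer_sees_monotone(int realtime)
{
    const uint64_t t0 = 1469032400;                      /* constructed: 20 Jul 2016, UTC */
    uint32_t a_last  = tcp_ts_value(tcp_ts_base(realtime, t0), 30 * TCP_TS_HZ);
    uint32_t b_first = tcp_ts_value(tcp_ts_base(realtime, t0 + 30), 0);
    return !tcp_ts_lt(b_first, a_last);
}

/* Seconds from now_sec until the real-time-derived value next crosses 2^32 for a
 * given offset. With offset 0 the 2 Hz counter first wraps 2^31 s after the epoch
 * (19 Jan 2038); an offset moves that moment, which is what the quoted message
 * refers to as preventing a near-time 32-bit overflow. */
uint64_t tcp_ts_seconds_to_wrap(uint32_t offset, uint64_t now_sec)
{
    uint32_t cur = (uint32_t)(now_sec * TCP_TS_HZ + offset);
    return (((uint64_t)1 << 32) - cur) / TCP_TS_HZ;
}

int main(void)
{
    const uint64_t now = 1469032400;                     /* constructed, same instant as above */
    printf("fixed start at 1: peer sees monotone = %d\n", peer_sees_monotone(0));
    printf("real-time start:  peer sees monotone = %d\n", peer_sees_monotone(1));
    printf("seconds to wrap, offset 0:          %llu\n",
           (unsigned long long)tcp_ts_seconds_to_wrap(0, now));
    printf("seconds to wrap, offset 0x60000000: %llu\n",
           (unsigned long long)tcp_ts_seconds_to_wrap(TCP_TS_OFFSET, now));
    printf("base from the live clock: %u\n", gettimebase());
    return 0;
}
```

With the fixed start, B's first TSval (1) compares as older than A's last (61), which is the "decreasing timestamps from one IP address" pattern the quoted message describes; with the real-time base, both connections draw from the same clock and the value never goes backwards across connections from one host. Note that tcp_ts_lt() itself tolerates the 32-bit wrap, so the offset matters only for a peer that does not compare modularly, or for where the wrap lands relative to the present.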