tech-net archive
Re: TCP timestamp starting value
On Mon, Jul 25, 2016 at 02:37:13PM +0200, Edgar Fuß wrote:
> > Let me illustrate this by just pointing to the widespread use of NAT today.
> OK, that's a good point. As it's known to me that elsewhere, NATing some 100
> machines behind a single v4 address doesn't cause problems with the load
> balancer mentioned, the problem is probably more the repeated use of the same
> (low) value range than decreasing values.
>
> > As I said, I don't really have a problem with using
> > HASH(src,dst) + uptime as initial timestamp value.
> You mean HASH(src,dst,cookie)?
Right, sorry. I consider the cookie as seed for the hash function in the
HMAC sense, that's why I didn't list this.
> Some questions about the details:
> -- why incorporate src into the hash?
No leaking of the network topology of the server, it can have more than
one address.
> -- do you mean to use hash32_buf() for HASH or something more elaborate?
MD5 or any other cryptographic hash.
> -- do you propose to use the full 32-bit result (which may cause a timestamp
> wrap-around) or only use some lower bits?
It's likely safer to just use the lower 30 bits.
Joerg
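
The scheme discussed in this message, HASH(src,dst,cookie) + uptime with the cookie as the HMAC key and only the lower 30 bits of the hash kept, sketched as an added example that is not part of the original message and is not NetBSD code. Assumptions: HMAC-SHA256 is used as the cryptographic hash, uptime is counted in timestamp ticks, and the function names, cookie and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

TS_MASK = (1 << 32) - 1      # TSval is a 32-bit field
OFFSET_MASK = (1 << 30) - 1  # keep only the lower 30 bits of the hash


def ts_offset(cookie: bytes, src: str, dst: str) -> int:
    """Per-(src, dst) offset: keyed hash of both addresses, lower 30 bits."""
    # Both addresses of one connection share a family, so the plain
    # concatenation of their packed forms is unambiguous.
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    # Assumption: HMAC-SHA256 stands in for "MD5 or any other cryptographic hash".
    digest = hmac.new(cookie, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & OFFSET_MASK


def initial_tsval(cookie: bytes, src: str, dst: str, uptime_ticks: int) -> int:
    """HASH(src, dst, cookie) + uptime, reduced to the 32-bit timestamp field."""
    return (ts_offset(cookie, src, dst) + uptime_ticks) & TS_MASK


def ticks_before_wrap(cookie: bytes, src: str, dst: str) -> int:
    """Uptime ticks that fit before this pair's timestamp wraps past 2^32."""
    return (1 << 32) - ts_offset(cookie, src, dst)


if __name__ == "__main__":
    # Constructed sample values: a fixed cookie (a real one would be random
    # per boot) and documentation-range addresses.
    cookie = bytes(range(16))
    server = "192.0.2.10"
    for client in ("198.51.100.7", "198.51.100.8"):
        for uptime in (0, 1000):
            print(client, uptime, initial_tsval(cookie, server, client, uptime))
    print("minimum ticks before wrap:", (1 << 32) - OFFSET_MASK - 1)
```

Within one (src, dst) pair the value still advances one-for-one with uptime, while each peer sees a different base that it cannot relate to other peers without the cookie. Masking the offset to 30 bits leaves more than three quarters of the 32-bit range before the first wrap-around.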