diff mbox

[RFC] tcp: allow timestamps even if SYN packet has tsval=0

Message ID 49B7D1F2.5090504@cosmosbay.com
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Eric Dumazet March 11, 2009, 3 p.m. UTC 
David Miller a écrit :
> From: Eric Dumazet <dada1@cosmosbay.com>
> Date: Wed, 11 Mar 2009 13:17:54 +0100
> 
>> So apparently WindowsXP sends a NULL tsval in SYN packet, then
>> subsequent packets get a real value (60498) in this case.
>>
>> This seems to work on other OS as well, so is the following patch
>> considered evil ?  Do we have security concerns or only risking
>> windows client to have slightly wrong rtt estimation at the begining
>> of the tcp session ?
> 
> I think we'll have to accept this.
> 
> I don't see other systems blocking initial ts_ecn values of
> zero like we do.

ts_ecn ? You meant tsval ?

OK, here is a patch against net-next-2.6 with a Changelog and Signoff then.

Thank you

[PATCH] tcp: allow timestamps even if SYN packet has tsval=0

Some systems send SYN packets with apparently wrong RFC1323 timestamp
option values [timestamp tsval=0 tsecr=0].
It might be for security reasons (http://www.secuobs.com/plugs/25220.shtml )

Linux TCP stack ignores this option and sends back a SYN+ACK packet
without timestamp option, thus many TCP flows cannot use timestamps
and lose some benefit of RFC1323.

Other operating systems seem to not care about initial tsval value, and let
tcp flows to negotiate timestamp option.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
---


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

David Miller March 11, 2009, 4:24 p.m. UTC | #1 
From: Eric Dumazet <dada1@cosmosbay.com>
Date: Wed, 11 Mar 2009 16:00:02 +0100

> [PATCH] tcp: allow timestamps even if SYN packet has tsval=0
> 
> Some systems send SYN packets with apparently wrong RFC1323 timestamp
> option values [timestamp tsval=0 tsecr=0].
> It might be for security reasons (http://www.secuobs.com/plugs/25220.shtml )
> 
> Linux TCP stack ignores this option and sends back a SYN+ACK packet
> without timestamp option, thus many TCP flows cannot use timestamps
> and lose some benefit of RFC1323.
> 
> Other operating systems seem to not care about initial tsval value, and let
> tcp flows to negotiate timestamp option.
> 
> Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>

And amusingly even Linux didn't care for ipv6 TCP sockets ;-)

Applied to net-next-2.6, thanks Eric.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index cf74c41..4a55854 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1226,15 +1226,6 @@  int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
 	if (want_cookie && !tmp_opt.saw_tstamp)
 		tcp_clear_options(&tmp_opt);
 
-	if (tmp_opt.saw_tstamp && !tmp_opt.rcv_tsval) {
-		/* Some OSes (unknown ones, but I see them on web server, which
-		 * contains information interesting only for windows'
-		 * users) do not send their stamp in SYN. It is easy case.
-		 * We simply do not advertise TS support.
-		 */
-		tmp_opt.saw_tstamp = 0;
-		tmp_opt.tstamp_ok  = 0;
-	}
 	tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
 
 	tcp_openreq_init(req, &tmp_opt, skb);