95a22caee3
Jiffies-based timestamps allow easy inference of the number of devices
behind NAT translators and also make tracking of hosts simpler.
commit ceaa1fef65
("tcp: adding a per-socket timestamp offset")
added the main infrastructure that is needed for per-connection ts
randomization, in particular writing/reading the on-wire tcp header
format takes the offset into account so rest of stack can use normal
tcp_time_stamp (jiffies).
So only two items are left:
- add a tsoffset for request sockets
- extend the tcp isn generator to also return another 32bit number
in addition to the ISN.
Re-use of ISN generator also means timestamps are still monotonically
increasing for same connection quadruple, i.e. PAWS will still work.
Includes fixes from Eric Dumazet.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
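#ifndef _NET_SECURE_SEQ
#define _NET_SECURE_SEQ

#include <linux/types.h>

/*
 * Prototypes for the ephemeral-port and sequence-number generators.
 *
 * Addresses and ports are passed in the __be32 / __be16 types. The IPv6
 * variants take pointers to __be32 (presumably the 32-bit words of an
 * IPv6 address; confirm against the definitions).
 */

/*
 * Ephemeral port helpers, keyed on the source address, destination address
 * and destination port. Both return a u32.
 * NOTE(review): how callers map the result onto a port range is not
 * visible from this header.
 */
u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr,
			       __be16 dport);

/*
 * TCP initial sequence number generators (IPv4 and IPv6).
 *
 * The return value is the ISN for the given connection tuple. In addition,
 * the generator hands back a second 32-bit number through @tsoff, which is
 * used as the per-connection TCP timestamp offset. Without such an offset,
 * on-wire timestamps are jiffies based, which lets an observer infer the
 * number of devices behind a NAT and makes hosts easier to track.
 *
 * Because the offset comes from the same generator as the ISN, timestamps
 * remain monotonically increasing for one connection quadruple, so PAWS
 * keeps working.
 *
 * NOTE(review): this header does not show whether @tsoff may be NULL or
 * whether it is written on every call. Confirm against the definitions
 * before passing NULL or reading *tsoff unconditionally.
 */
u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr,
			       __be16 sport, __be16 dport, u32 *tsoff);
u32 secure_tcpv6_sequence_number(const __be32 *saddr, const __be32 *daddr,
				 __be16 sport, __be16 dport, u32 *tsoff);

/*
 * DCCP sequence number generators (IPv4 and IPv6). They return a u64 and
 * have no timestamp-offset output.
 *
 * NOTE(review): the IPv6 variant takes non-const address pointers, unlike
 * the other IPv6 prototypes in this header. Const-qualifying them must be
 * done together with the definition, so it is left unchanged here.
 */
u64 secure_dccp_sequence_number(__be32 saddr, __be32 daddr,
				__be16 sport, __be16 dport);
u64 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
				  __be16 sport, __be16 dport);

#endif /* _NET_SECURE_SEQ */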