Re: A strange TCP timestamp problem?

To: christos%astron.com@localhost (Christos Zoulas)
Subject: Re: A strange TCP timestamp problem?
From: Robert Elz <kre%munnari.OZ.AU@localhost>
Date: Sat, 06 Jun 2015 07:42:49 +0700

    Date:        Fri, 5 Jun 2015 23:36:50 +0000 (UTC)
    From:        christos%astron.com@localhost (Christos Zoulas)
    Message-ID:  <mktbqi$nsm$1%ger.gmane.org@localhost>

  | The question is, is rejecting
  | the packet based on tsval = 1 a reasonable behavior?

No, but it is believable that implementations might do that (not that the
"1" in particular should be important - more likely just the repeated 
unchanging value.)

It is common to use tsval in combination with the seq number to
extend the range of the latter - making seq number roll around less
of a problem (it never used to be in the days of 56K bps links, buut
with 10GBps links, it can be a real problem.)

As long as the ISN is varying in the SYN packets for the new connections,
it should not be a problem.

But I can imagine a system relying on tsval being some kind of monotonic
time representation (over multiple connections) in order to get the larger
seq number space benefit, and treating multiple syns with the same tsval as
some kind of attack.

kre

References:
- Re: A strange TCP timestamp problem?
  - From: Christos Zoulas
- A strange TCP timestamp problem?
  - From: Dave Huang

Prev by Date: Re: A strange TCP timestamp problem?
Next by Date: Re: A strange TCP timestamp problem?
Previous by Thread: Re: TCP timestamp starting value
Next by Thread: NPF or PF
Indexes:

Home | Main Index | Thread Index | Old Index