From: Michael Tuexen <tuexen@FreeBSD.org>
Date: Tue, 23 Jul 2019 21:28:20 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r350265 - in head: share/man/man4 sys/netinet

Author: tuexen
Date: Tue Jul 23 21:28:20 2019
New Revision: 350265
URL: https://svnweb.freebsd.org/changeset/base/350265

Log:
  Add a sysctl variable ts_offset_per_conn to change the computation
  of the TCP TS offset from taking the IP addresses and the TCP port
  numbers into account to a version just taking only the IP addresses
  into account. This works around broken middleboxes or endpoints.
  The default is to keep the behaviour, which is also the behaviour
  recommended in RFC 7323.
  
  Reported by:		devgs@ukr.net
  Reviewed by:		rrs@
  MFC after:		2 weeks
  Sponsored by:		Netflix, Inc.
  Differential Revision:	https://reviews.freebsd.org/D20980

Modified:
  head/share/man/man4/tcp.4
  head/sys/netinet/tcp_subr.c
  head/sys/netinet/tcp_var.h

Modified: head/share/man/man4/tcp.4
==============================================================================
--- head/share/man/man4/tcp.4	Tue Jul 23 21:26:03 2019	(r350264)
+++ head/share/man/man4/tcp.4	Tue Jul 23 21:28:20 2019	(r350265)
@@ -34,7 +34,7 @@
 .\"     From: @(#)tcp.4	8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd March 23, 2019
+.Dd July 23, 2019
 .Dt TCP 4
 .Os
 .Sh NAME
@@ -606,6 +606,10 @@ Default is false.
 .It Va insecure_syn
 Use criteria defined in RFC793 instead of RFC5961 for accepting SYN segments.
 Default is false.
+.It Va ts_offset_per_conn
+When initializing the TCP timestamps, use a per connection offset instead of a
+per host pair offset.
+Default is to use per connection offsets as recommended in RFC 7323.
 .El
 .Sh ERRORS
 A socket operation may fail with one of the following errors returned:
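Review bot: the new ts_offset_per_conn entry gives its default as "Default is to use per connection offsets", while the neighbouring entries state the value ("Default is false."). State it the same way (Default is true) so the reader knows what the sysctl is set to. The entry also does not say when to turn it off: the commit log's reason (working around broken middleboxes or endpoints) and the fact that per host pair offsets depart from the RFC 7323 recommendation should be in the text.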

Modified: head/sys/netinet/tcp_subr.c
==============================================================================
--- head/sys/netinet/tcp_subr.c	Tue Jul 23 21:26:03 2019	(r350264)
+++ head/sys/netinet/tcp_subr.c	Tue Jul 23 21:28:20 2019	(r350265)
@@ -195,6 +195,11 @@ SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, 
     &VNET_NAME(tcp_do_rfc1323), 0,
     "Enable rfc1323 (high performance TCP) extensions");
 
+VNET_DEFINE(int, tcp_ts_offset_per_conn) = 1;
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, ts_offset_per_conn, CTLFLAG_VNET | CTLFLAG_RW,
+    &VNET_NAME(tcp_ts_offset_per_conn), 0,
+    "Initialize TCP timestamps per connection instead of per host pair");
+
 static int	tcp_log_debug = 0;
 SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_debug, CTLFLAG_RW,
     &tcp_log_debug, 0, "Log errors caused by incoming TCP segments");
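Review bot: the added SYSCTL_INT line runs past 80 columns ("..., ts_offset_per_conn, CTLFLAG_VNET | CTLFLAG_RW,"); wrap it after the name so the flags start the continuation line. The variable is a plain int exported read-write and is only ever tested for zero or non-zero, so the description string should say that 0 selects per host pair offsets and any other value selects per connection offsets, or the knob should be restricted to 0 and 1.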
@@ -2634,7 +2639,17 @@ tcp_keyed_hash(struct in_conninfo *inc, u_char *key, u
 uint32_t
 tcp_new_ts_offset(struct in_conninfo *inc)
 {
-	return (tcp_keyed_hash(inc, V_ts_offset_secret,
+	struct in_conninfo inc_store, *local_inc;
+
+	if (!V_tcp_ts_offset_per_conn) {
+		memcpy(&inc_store, inc, sizeof(struct in_conninfo));
+		inc_store.inc_lport = 0;
+		inc_store.inc_fport = 0;
+		local_inc = &inc_store;
+	} else {
+		local_inc = inc;
+	}
+	return (tcp_keyed_hash(local_inc, V_ts_offset_secret,
 	    sizeof(V_ts_offset_secret)));
 }
 
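Review bot: the !V_tcp_ts_offset_per_conn branch in tcp_new_ts_offset() zeroes inc_lport and inc_fport with no comment saying why. With both ports cleared, every connection between the same address pair gets the same keyed-hash offset, so a peer can relate timestamps across those connections; a short comment stating that this is the per host pair mode, kept only as a workaround, would stop it being "cleaned up" or copied elsewhere. The copy could also be a struct assignment (inc_store = *inc;) instead of memcpy() with sizeof(struct in_conninfo), and since only the two port fields differ, it is worth confirming that tcp_keyed_hash() reads nothing from the copy beyond the addresses and ports.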

Modified: head/sys/netinet/tcp_var.h
==============================================================================
--- head/sys/netinet/tcp_var.h	Tue Jul 23 21:26:03 2019	(r350264)
+++ head/sys/netinet/tcp_var.h	Tue Jul 23 21:28:20 2019	(r350265)
@@ -802,6 +802,7 @@ VNET_DECLARE(struct inpcbinfo, tcbinfo);
 #define	V_tcp_do_autosndbuf		VNET(tcp_do_autosndbuf)
 #define	V_tcp_do_ecn			VNET(tcp_do_ecn)
 #define	V_tcp_do_rfc1323		VNET(tcp_do_rfc1323)
+#define V_tcp_ts_offset_per_conn	VNET(tcp_ts_offset_per_conn)
 #define	V_tcp_do_rfc3042		VNET(tcp_do_rfc3042)
 #define	V_tcp_do_rfc3390		VNET(tcp_do_rfc3390)
 #define	V_tcp_do_rfc3465		VNET(tcp_do_rfc3465)
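Review bot: the added "#define V_tcp_ts_offset_per_conn" uses a space after #define where every neighbouring line uses a tab ("#define	V_tcp_do_rfc1323"); use a tab to match. This is also the only change to tcp_var.h, so the header gains the V_ macro without a matching VNET_DECLARE(int, tcp_ts_offset_per_conn). It builds because tcp_subr.c holds the VNET_DEFINE, but any other file using the macro will fail to compile; add the declaration next to the others.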