| commit | 915cb3b310e9b3a87ab2b352b22f57c23b34f41d | |
| author | Lauri Tirkkonen <lotheac@iki.fi> | |
| Wed, 26 Apr 2017 09:27:14 +0000 (26 12:27 +0300) | ||
| committer | Lauri Tirkkonen <lotheac@iki.fi> | |
| Wed, 26 Apr 2017 09:27:14 +0000 (26 12:27 +0300) | ||
| tree | cd39120f03936cb9a90b39bf4d9f3614e61dddf8 | treesnapshot (tar.gz zip) |
| parent | 78887d3d6d24569d19f2a8d548d7d212ddcfe2c6 | commitdiff |
tcp: remove _strong_iss tunable
Instead, use random ISS on incoming connections and follow RFC6528 for
outgoing connections. This logic is borrowed from OpenBSD -- the
initial sequence numbers don't need to be increasing across connections
except for the case where the same connection-id tuple is still in
TIME_WAIT on the listener, so RFC6528 is only necessary for outgoing
connections.
The implementation is not that pretty: we use the listener tcp's tcp_iss
to pass the new ISS along to tcp_input_listener from the SYN received
while in TIME_WAIT. Previously this used to modify the tcp stack's
tcps_iss_incr_extra value though, so perhaps it's at least not worse.
Instead, use random ISS on incoming connections and follow RFC6528 for
outgoing connections. This logic is borrowed from OpenBSD -- the
initial sequence numbers don't need to be increasing across connections
except for the case where the same connection-id tuple is still in
TIME_WAIT on the listener, so RFC6528 is only necessary for outgoing
connections.
The implementation is not that pretty: we use the listener tcp's tcp_iss
to pass the new ISS along to tcp_input_listener from the SYN received
while in TIME_WAIT. Previously this used to modify the tcp stack's
tcps_iss_incr_extra value though, so perhaps it's at least not worse.