Netflix/security-bulletins

tc-bytecode in 2019-001 may erroneously match values in tcp timestamp options?

Opened this issue · 1 comments

I don't think there's anything to ensure it is not evaluating any four bytes of timestamp's eight bytes of values. Re-transmitted segments with newer TS values are less likely to also be matched erroneously (except for maybe echo values on SYN|ACKs) but the session might have to pay the initial rto penalty.

Agreed, the bpf code does a simple tcp option parse at all possible offsets of the option space, so a syn could be dropped in error and the client would have to pay a rto penalty.

An update is possible to skip timestamp options.
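The false match discussed in this thread can be reproduced offline. The sketch below is an added example, not the bulletin's bytecode: it assumes the filter looks for an MSS option (kind 2, length 4) with a value below a threshold, and the threshold `MIN_MSS`, the function names and the sample option bytes are all constructed for illustration.

```python
import struct

MSS_KIND, MSS_LEN = 2, 4
MIN_MSS = 500  # assumed threshold for illustration, not taken from the bulletin's filter


def naive_low_mss(opts: bytes) -> bool:
    """Match kind=2,len=4 at every byte offset, ignoring option boundaries."""
    for off in range(len(opts) - 3):
        if opts[off] == MSS_KIND and opts[off + 1] == MSS_LEN:
            if struct.unpack_from("!H", opts, off + 2)[0] < MIN_MSS:
                return True
    return False


def tlv_low_mss(opts: bytes) -> bool:
    """Walk options as kind/length/value so option payloads are skipped."""
    off = 0
    while off < len(opts):
        kind = opts[off]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # NOP is a single byte with no length field
            off += 1
            continue
        if off + 1 >= len(opts):
            break              # truncated option header
        length = opts[off + 1]
        if length < 2 or off + length > len(opts):
            break              # malformed length, stop parsing
        if kind == MSS_KIND and length == MSS_LEN:
            if struct.unpack_from("!H", opts, off + 2)[0] < MIN_MSS:
                return True
        off += length          # jumps over timestamp values and other payloads
    return False


def syn_options(tsval: int, mss: int = 1460) -> bytes:
    """Constructed SYN options: MSS, SACK-permitted, timestamp, NOP, window scale 7."""
    return (struct.pack("!BBH", 2, 4, mss) + bytes([4, 2])
            + struct.pack("!BBII", 8, 10, tsval, 0) + bytes([1, 3, 3, 7]))


# Constructed TSval 0x02040030 reads as "MSS option, value 48" when scanned byte by byte.
print(naive_low_mss(syn_options(0x02040030)), tlv_low_mss(syn_options(0x02040030)))
```

Walking the options by their length fields keeps a genuinely low MSS detectable while a timestamp value that happens to contain the same byte pattern is skipped.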