OpenBSD 2.7/2.8 patch which causes the timestamp to start at 0 for each connection, confusing nmap's remote uptime guess.
9f8d780d338bfcf9705e50d5403172b5cecfa21ac94b2d592238d13110f33a83
rfc1323.patch by Ted - grendel@heorot.stanford.edu
Changes OpenBSD TCP/IP stack so that the RFC 1323 timestamp is set at
zero at the start of each connection. Makes it impossible to
determine uptime, except as concerns that one connection.
cd /sys/netinet
patch < /.../rfc1323.patch
and rebuild kernel
--- tcp_var.h.orig Thu Mar 15 18:26:39 2001
+++ tcp_var.h Thu Mar 15 18:27:11 2001
@@ -161,6 +161,8 @@
u_char rcv_scale; /* window scaling for recv window */
u_char request_r_scale; /* pending window scaling */
u_char requested_s_scale;
+ u_int32_t mytcp_now;
+ u_int32_t oldtcp_now;
u_int32_t ts_recent; /* timestamp echo data */
u_int32_t ts_recent_age; /* when last updated */
tcp_seq last_ack_sent;
--- tcp_input.c.orig Thu Mar 15 18:26:24 2001
+++ tcp_input.c Thu Mar 15 18:26:55 2001
@@ -104,6 +104,7 @@
int tcprexmtthresh = 3;
struct tcpiphdr tcp_saveti;
int tcptv_keep_init = TCPTV_KEEP_INIT;
+u_int32_t ts_temp;
extern u_long sb_max;
@@ -883,7 +884,10 @@
* Fix from Braden, see Stevens p. 870
*/
if (ts_present && SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
- tp->ts_recent_age = tcp_now;
+ ts_temp = tcp_now - tp->oldtcp_now;
+ tp->oldtcp_now = tcp_now;
+ tp->mytcp_now = ts_temp + tp->mytcp_now;
+ tp->ts_recent_age = tp->mytcp_now;
tp->ts_recent = ts_val;
}
@@ -897,7 +901,7 @@
*/
++tcpstat.tcps_predack;
if (ts_present)
- tcp_xmit_timer(tp, tcp_now-ts_ecr+1);
+ tcp_xmit_timer(tp, tp->mytcp_now-ts_ecr+1);
else if (tp->t_rtt &&
SEQ_GT(th->th_ack, tp->t_rtseq))
tcp_xmit_timer(tp, tp->t_rtt);
@@ -1015,7 +1019,6 @@
#ifdef INET6
register struct sockaddr_in6 *sin6;
#endif /* INET6 */
-
if (tiflags & TH_RST)
goto drop;
if (tiflags & TH_ACK)
@@ -1291,7 +1294,7 @@
TSTMP_LT(ts_val, tp->ts_recent)) {
/* Check to see if ts_recent is over 24 days old. */
- if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
+ if ((int)(tp->mytcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
/*
* Invalidate ts_recent. If this segment updates
* ts_recent, the age will be reset later and ts_recent
@@ -1412,7 +1415,10 @@
*/
if (ts_present && TSTMP_GEQ(ts_val, tp->ts_recent) &&
SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
- tp->ts_recent_age = tcp_now;
+ ts_temp = tcp_now - tp->oldtcp_now;
+ tp->oldtcp_now = tcp_now;
+ tp->mytcp_now = ts_temp + tp->mytcp_now;
+ tp->ts_recent_age = tp->mytcp_now;
tp->ts_recent = ts_val;
}
@@ -1733,7 +1739,7 @@
* Recompute the initial retransmit timer.
*/
if (ts_present)
- tcp_xmit_timer(tp, tcp_now-ts_ecr+1);
+ tcp_xmit_timer(tp, tp->mytcp_now-ts_ecr+1);
else if (tp->t_rtt && SEQ_GT(th->th_ack, tp->t_rtseq))
tcp_xmit_timer(tp,tp->t_rtt);
@@ -2214,7 +2220,9 @@
if (th->th_flags & TH_SYN) {
tp->t_flags |= TF_RCVD_TSTMP;
tp->ts_recent = *ts_val;
- tp->ts_recent_age = tcp_now;
+ tp->mytcp_now = 0;
+ tp->oldtcp_now = tcp_now;
+ tp->ts_recent_age = tp->mytcp_now;
}
break;
--- tcp_output.c.orig Thu Mar 15 18:26:32 2001
+++ tcp_output.c Thu Mar 15 18:27:03 2001
@@ -559,7 +559,7 @@
/* Form timestamp option as shown in appendix A of RFC 1323. */
*lp++ = htonl(TCPOPT_TSTAMP_HDR);
- *lp++ = htonl(tcp_now);
+ *lp++ = htonl(tp->mytcp_now);
*lp = htonl(tp->ts_recent);
optlen += TCPOLEN_TSTAMP_APPA;
}