rfc1323.patch by Ted - grendel@heorot.stanford.edu Changes OpenBSD TCP/IP stack so that the RFC 1323 timestamp is set at zero at the start of each connection. Makes it impossible to determine uptime, except as concerns that one connection. cd /sys/netinet patch < /.../rfc1323.patch and rebuild kernel --- tcp_var.h.orig Thu Mar 15 18:26:39 2001 +++ tcp_var.h Thu Mar 15 18:27:11 2001 @@ -161,6 +161,8 @@ u_char rcv_scale; /* window scaling for recv window */ u_char request_r_scale; /* pending window scaling */ u_char requested_s_scale; + u_int32_t mytcp_now; + u_int32_t oldtcp_now; u_int32_t ts_recent; /* timestamp echo data */ u_int32_t ts_recent_age; /* when last updated */ tcp_seq last_ack_sent; --- tcp_input.c.orig Thu Mar 15 18:26:24 2001 +++ tcp_input.c Thu Mar 15 18:26:55 2001 @@ -104,6 +104,7 @@ int tcprexmtthresh = 3; struct tcpiphdr tcp_saveti; int tcptv_keep_init = TCPTV_KEEP_INIT; +u_int32_t ts_temp; extern u_long sb_max; @@ -883,7 +884,10 @@ * Fix from Braden, see Stevens p. 870 */ if (ts_present && SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { - tp->ts_recent_age = tcp_now; + ts_temp = tcp_now - tp->oldtcp_now; + tp->oldtcp_now = tcp_now; + tp->mytcp_now = ts_temp + tp->mytcp_now; + tp->ts_recent_age = tp->mytcp_now; tp->ts_recent = ts_val; } @@ -897,7 +901,7 @@ */ ++tcpstat.tcps_predack; if (ts_present) - tcp_xmit_timer(tp, tcp_now-ts_ecr+1); + tcp_xmit_timer(tp, tp->mytcp_now-ts_ecr+1); else if (tp->t_rtt && SEQ_GT(th->th_ack, tp->t_rtseq)) tcp_xmit_timer(tp, tp->t_rtt); @@ -1015,7 +1019,6 @@ #ifdef INET6 register struct sockaddr_in6 *sin6; #endif /* INET6 */ - if (tiflags & TH_RST) goto drop; if (tiflags & TH_ACK) @@ -1291,7 +1294,7 @@ TSTMP_LT(ts_val, tp->ts_recent)) { /* Check to see if ts_recent is over 24 days old. */ - if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) { + if ((int)(tp->mytcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) { /* * Invalidate ts_recent. If this segment updates * ts_recent, the age will be reset later and ts_recent 
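Review bot: The two new tcpcb fields in the tcp_var.h hunk carry no comment, unlike most of their neighbours, and the names do not say which one is the clock and which is the reference point. Since `mytcp_now` replaces `tcp_now` in a value that goes on the wire, its meaning should be stated where it is declared. Suggest `u_int32_t mytcp_now; /* per-connection timestamp clock, 0 at SYN */` and `u_int32_t oldtcp_now; /* tcp_now when mytcp_now was last advanced */`. The struct starts and ends outside the hunk.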
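Review bot: `ts_temp` in the tcp_input.c -104 hunk is added as a writable file-scope global with external linkage, although it is only scratch space for the delta computed in the -883 and -1412 hunks. A global temporary is shared by every connection, so it is extra kernel state that can be clobbered if input processing is ever re-entered, and it adds a generic name to the kernel namespace. The update needs no temporary at all: `tp->mytcp_now += tcp_now - tp->oldtcp_now;` followed by `tp->oldtcp_now = tcp_now;` at both sites, with the global dropped.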
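Review bot: In the -1291 hunk, `tp->mytcp_now - tp->ts_recent_age` is always zero, so the "over 24 days old" invalidation can no longer fire. Every place the patch changes `mytcp_now` (the -883, -1412 and -2214 hunks) copies it into `ts_recent_age` in the same block, and nothing else advances it. A connection idle long enough for the peer's timestamp to wrap would then keep a stale `ts_recent`, and the `TSTMP_LT` test just above would presumably reject valid segments. As far as these hunks show, `ts_recent_age` is only compared locally and never transmitted, so it can stay on the global clock: keep `tp->ts_recent_age = tcp_now;` at the update sites and `(int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE` here. The enclosing block starts outside the hunk.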
@@ -1412,7 +1415,10 @@ */ if (ts_present && TSTMP_GEQ(ts_val, tp->ts_recent) && SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { - tp->ts_recent_age = tcp_now; + ts_temp = tcp_now - tp->oldtcp_now; + tp->oldtcp_now = tcp_now; + tp->mytcp_now = ts_temp + tp->mytcp_now; + tp->ts_recent_age = tp->mytcp_now; tp->ts_recent = ts_val; } @@ -1733,7 +1739,7 @@ * Recompute the initial retransmit timer. */ if (ts_present) - tcp_xmit_timer(tp, tcp_now-ts_ecr+1); + tcp_xmit_timer(tp, tp->mytcp_now-ts_ecr+1); else if (tp->t_rtt && SEQ_GT(th->th_ack, tp->t_rtseq)) tcp_xmit_timer(tp,tp->t_rtt); @@ -2214,7 +2220,9 @@ if (th->th_flags & TH_SYN) { tp->t_flags |= TF_RCVD_TSTMP; tp->ts_recent = *ts_val; - tp->ts_recent_age = tcp_now; + tp->mytcp_now = 0; + tp->oldtcp_now = tcp_now; + tp->ts_recent_age = tp->mytcp_now; } break; --- tcp_output.c.orig Thu Mar 15 18:26:32 2001 +++ tcp_output.c Thu Mar 15 18:27:03 2001 @@ -559,7 +559,7 @@ /* Form timestamp option as shown in appendix A of RFC 1323. */ *lp++ = htonl(TCPOPT_TSTAMP_HDR); - *lp++ = htonl(tcp_now); + *lp++ = htonl(tp->mytcp_now); *lp = htonl(tp->ts_recent); optlen += TCPOLEN_TSTAMP_APPA; }
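Review bot: The -2214 hunk is the only place `mytcp_now` and `oldtcp_now` receive their starting values, and it runs only when a SYN carrying the timestamp option is parsed. On an active open, tcp_output builds the first SYN before any SYN has arrived, so that segment's TSval comes from whatever the freshly allocated tcpcb holds; the patch does not show this, and the assumption that it is zeroed should be confirmed. Initialising both fields where the tcpcb is created would remove that dependency. A fixed start of 0 also gives every connection from a patched host the same recognisable first TSval, whereas a random per-connection start such as `tp->mytcp_now = arc4random();` hides uptime without that signature. The enclosing function and switch start outside the hunk.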
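Review bot: In the tcp_output.c hunk, `tp->mytcp_now` is sent exactly as the last inbound update left it, because nothing in tcp_output advances it. After an idle period, or across several sends with no segment received in between, the TSval is therefore older than the real connection-relative time. When the peer echoes it, `tp->mytcp_now-ts_ecr+1` in the -897 and -1733 hunks includes the idle time before the send, which inflates the RTT estimate and the retransmit timeout. The current value can be stamped without extra state: `*lp++ = htonl(tp->mytcp_now + (tcp_now - tp->oldtcp_now));`. The same expression is needed at the two RTT call sites, where `mytcp_now` is fresh only if the `ts_recent` test just before them passed; the enclosing block starts outside the hunk.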