From 50ed6b2e0994225b9bffa63b57a42da2d05e02b9 Mon Sep 17 00:00:00 2001
From: Zeling Feng <zeling@google.com>
Date: Thu, 19 Aug 2021 13:12:50 -0700
Subject: Use a hash function to generate tcp timestamp offset

Also fix an option parsing error in checker.TCPTimestampChecker while I am here.

PiperOrigin-RevId: 391828329
---
 pkg/tcpip/stack/stack.go | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkg/tcpip/stack')

diff --git a/pkg/tcpip/stack/stack.go b/pkg/tcpip/stack/stack.go
index e0c5e5e28..8e5c6edbf 100644
--- a/pkg/tcpip/stack/stack.go
+++ b/pkg/tcpip/stack/stack.go
@@ -160,6 +160,10 @@ type Stack struct {
 	// This is required to prevent potential ACK loops.
 	// Setting this to 0 will disable all rate limiting.
 	tcpInvalidRateLimit time.Duration
+
+	// tsOffsetSecret is the secret key for generating timestamp offsets
+	// initialized at stack startup.
+	tsOffsetSecret uint32
 }
 
 // UniqueID is an abstract generator of unique identifiers.
@@ -383,6 +387,7 @@ func New(opts Options) *Stack {
 			Max:     DefaultMaxBufferSize,
 		},
 		tcpInvalidRateLimit: defaultTCPInvalidRateLimit,
+		tsOffsetSecret:      randomGenerator.Uint32(),
 	}
 
 	// Add specified network protocols.
-- 
cgit v1.2.3