[Bro] Bro behind a TLS reverse proxy
Brandon Sterne
brandon.sterne at gmail.com
Thu Apr 12 09:16:52 PDT 2018
This is, it turns out, a known Redhat bug and it has been fixed in C7.5. I
haven't tested it yet but it looks like a trivial patch that was already
fixed upstream:
https://patchwork.kernel.org/patch/6275821/
--- a/net/ipv4/tcp_output.c+++ b/net/ipv4/tcp_output.c@@ -2772,6
+2772,8 @@ struct sk_buff *tcp_make_synack(struct s
}
#endif
+ /* Do not fool tcpdump (if any), clean our debris */+ skb->tstamp.tv64 = 0;
return skb;
}
EXPORT_SYMBOL(tcp_make_synack);
On Thu, Apr 12, 2018 at 7:54 AM, Seth Hall <seth at corelight.com> wrote:
>
>
> On 10 Apr 2018, at 0:21, Brandon Sterne wrote:
>
> I can confirm this also happens on a C7 OpenStack VM:
>>
>
> Just to keep this fun, you aren't the only one seeing it...
> https://serverfault.com/questions/907037/random-timestamp-
> on-first-syn-ack-on-loopback
>
> I just replicated it locally, but my timestamp on CentOS 7.4 (non-VM) was
> Jun 7 00:47:18 2034. :)
>
> .Seth
>
>
> --
> Seth Hall * Corelight, Inc * www.corelight.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180412/e8c5f575/attachment.html
More information about the Bro
mailing list