X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/f427ee49d309d8fc33ebf3042c3a775f2f530ded..c3c9b80d004dbbfdf763edeb97968c6997e3b45b:/bsd/netinet/tcp_subr.c

diff --git a/bsd/netinet/tcp_subr.c b/bsd/netinet/tcp_subr.c
index fe3a0192a..0b2a55138 100644
--- a/bsd/netinet/tcp_subr.c
+++ b/bsd/netinet/tcp_subr.c
@@ -1032,6 +1032,7 @@ tcp_newtcpcb(struct inpcb *inp)
 	struct tcpcb *tp;
 	struct socket *so = inp->inp_socket;
 	int isipv6 = (inp->inp_vflag & INP_IPV6) != 0;
+	uint32_t random_32;
 
 	calculate_tcp_clock();
 
@@ -1104,14 +1105,19 @@ tcp_newtcpcb(struct inpcb *inp)
 	tp->t_twentry.tqe_next = NULL;
 	tp->t_twentry.tqe_prev = NULL;
 
+	read_frandom(&random_32, sizeof(random_32));
 	if (__probable(tcp_do_ack_compression)) {
-		read_frandom(&tp->t_comp_gencnt, sizeof(tp->t_comp_gencnt));
+		tp->t_comp_gencnt = random_32;
 		if (tp->t_comp_gencnt <= TCP_ACK_COMPRESSION_DUMMY) {
 			tp->t_comp_gencnt = TCP_ACK_COMPRESSION_DUMMY + 1;
 		}
 		tp->t_comp_lastinc = tcp_now;
 	}
 
+	if (__probable(tcp_randomize_timestamps)) {
+		tp->t_ts_offset = random_32;
+	}
+
 	/*
 	 * IPv4 TTL initialization is necessary for an IPv6 socket as well,
 	 * because the socket may be bound to an IPv6 wildcard address,