networking - What are the benefits of TCP timestamps?

Tags: networking tcp security

I have a security scan finding that tells me to disable TCP timestamps. I understand the reason for the recommendation: timestamps can be used to compute server uptime, which is helpful to an attacker (well explained under the "TCP Timestamps" heading in http://www.silby.com/eurobsdcon05/eurobsdcon_silbersack.pdf).

However, as I understand it, TCP timestamps are meant to enhance TCP performance. Naturally, in a cost/yield analysis, a performance degradation is a large, possibly too large, cost. I'm having trouble understanding how much of a performance cost there might be (if any). Any node in the hivemind willing to help?

Best answer

The answer is expressed most concisely in RFC 1323 - Round-Trip Measurement... The RFC's introduction also provides some relevant historical background...

   Introduction

   The introduction of fiber optics is resulting in ever-higher
   transmission speeds, and the fastest paths are moving out of the
   domain for which TCP was originally engineered.  This memo defines a
   set of modest extensions to TCP to extend the domain of its
   application to match this increasing network capability.  It is based
   upon and obsoletes RFC-1072 [Jacobson88b] and RFC-1185 [Jacobson90b].


  (3)  Round-Trip Measurement

       TCP implements reliable data delivery by retransmitting
       segments that are not acknowledged within some retransmission
       timeout (RTO) interval.  Accurate dynamic determination of an
       appropriate RTO is essential to TCP performance.  RTO is
       determined by estimating the mean and variance of the
       measured round-trip time (RTT), i.e., the time interval
       between sending a segment and receiving an acknowledgment for
       it [Jacobson88a].

       Section 4 introduces a new TCP option, "Timestamps", and then
       defines a mechanism using this option that allows nearly
       every segment, including retransmissions, to be timed at
       negligible computational cost.  We use the mnemonic RTTM
       (Round Trip Time Measurement) for this mechanism, to
       distinguish it from other uses of the Timestamps option.

The specific performance penalty you incur by disabling timestamps will depend on your particular server OS and how you operate it (for example, see the PSC doc on performance tuning). Some OSes require you to enable or disable all RFC1323 options at once... others let you enable RFC 1323 options selectively.

If your data transfers are somehow limited by your virtual server (perhaps you only bought a cheap vhost plan), then you may not be able to use the higher performance anyway... it may be worth trying to turn them off. If you do, be sure to benchmark performance before and after, from several different locations where possible.
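The RFC excerpt in the answer describes the RTTM mechanism: the receiver echoes the sender's TSval back as TSecr, so the sender can time nearly every segment, including retransmissions, and feed the samples into the RTO estimator. The following added example (not from the question, the answer, or the RFC; the RTO arithmetic follows RFC 6298, the successor to the RFC 1323 description) parses the Timestamps option out of a constructed TCP options field, derives an RTT sample from a retransmitted segment's ACK, and updates SRTT/RTTVAR/RTO. The 1 ms timestamp tick, the 200 ms RTO floor (Linux's value; RFC 6298 specifies 1 s) and the tick values in `demo_retransmission` are assumptions chosen for the illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# TCP option kinds (RFC 793 / RFC 1323)
TCPOPT_EOL, TCPOPT_NOP, TCPOPT_TIMESTAMP = 0, 1, 8


def parse_tcp_options(raw: bytes) -> dict:
    """Walk the TCP options area and return {kind: payload}.
    EOL and NOP are single-byte options; everything else is kind, length, payload."""
    opts = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated TCP option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad TCP option length")
        opts[kind] = raw[i + 2:i + length]
        i += length
    return opts


def timestamps(raw: bytes) -> Optional[Tuple[int, int]]:
    """Return (TSval, TSecr) from the Timestamps option (kind 8, length 10), or None
    if the segment does not carry one (e.g. timestamps disabled on either host)."""
    payload = parse_tcp_options(raw).get(TCPOPT_TIMESTAMP)
    if payload is None or len(payload) != 8:
        return None
    return struct.unpack("!II", payload)


def rtt_from_ack(ack_options: bytes, now_ticks: int, tick_seconds: float) -> Optional[float]:
    """RTTM: the ACK's TSecr is the TSval of the segment being acknowledged, so
    RTT = now - TSecr. The timestamp clock is 32-bit and wraps, hence the mask."""
    ts = timestamps(ack_options)
    if ts is None:
        return None  # no timestamp: no sample for this ACK
    _tsval, tsecr = ts
    elapsed = (now_ticks - tsecr) & 0xFFFFFFFF
    return elapsed * tick_seconds


@dataclass
class RtoEstimator:
    """RFC 6298 smoothing: SRTT and RTTVAR from RTT samples, RTO = SRTT + 4*RTTVAR."""
    srtt: Optional[float] = None
    rttvar: float = 0.0
    rto: float = 1.0
    clock_granularity: float = 0.001
    min_rto: float = 1.0  # RFC 6298 floor; Linux uses 0.2 (assumed in the demo)

    def sample(self, r: float) -> float:
        if self.srtt is None:            # first measurement
            self.srtt, self.rttvar = r, r / 2
        else:                            # alpha = 1/8, beta = 1/4
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - r)
            self.srtt = 0.875 * self.srtt + 0.125 * r
        self.rto = max(self.min_rto,
                       self.srtt + max(self.clock_granularity, 4 * self.rttvar))
        return self.rto


def demo_retransmission(min_rto: float = 0.2) -> Tuple[float, float]:
    """Constructed scenario (assumed values): a segment first sent at tick 1000 is
    lost and retransmitted at tick 1300 with TSval=1300; the ACK arrives at tick
    1350 echoing TSecr=1300. With timestamps the sample is unambiguous (50 ms).
    Without them, Karn's algorithm would have to discard the ACK, because it could
    not tell whether it acknowledges the original or the retransmission."""
    est = RtoEstimator(min_rto=min_rto)
    est.sample(0.1)  # an earlier, unambiguous 100 ms sample
    # constructed ACK options: NOP, NOP, Timestamps(TSval=5000, TSecr=1300)
    ack_opts = b"\x01\x01\x08\x0a" + struct.pack("!II", 5000, 1300)
    rtt = rtt_from_ack(ack_opts, now_ticks=1350, tick_seconds=0.001)
    return rtt, est.sample(rtt)


if __name__ == "__main__":
    rtt, rto = demo_retransmission()
    print(f"RTT sample from retransmitted segment: {rtt * 1000:.0f} ms, new RTO: {rto * 1000:.1f} ms")
```

The practical consequence for the question: with timestamps off, the sender loses every RTT sample taken during retransmissions and must fall back to exponential backoff, which is where the performance cost the answer describes comes from on lossy or high-latency paths. The same TSval that makes this cheap is the value an observer can read to estimate uptime, which is the trade-off the scan finding is about.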

On "networking - What are the benefits of TCP timestamps?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/7880383/
