From ba8337658eb3bec090982326db302d68279d0ba8 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon, 19 Oct 2015 14:03:57 +0000
Subject: [PATCH] disable leaking TCP timestamps by default

https://github.com/QubesOS/qubes-issues/issues/1344
---
 Makefile                    | 1 +
 misc/20_tcp_timestamps.conf | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 misc/20_tcp_timestamps.conf

diff --git a/Makefile b/Makefile
index 2fcf89f..266bd4f 100644
--- a/Makefile
+++ b/Makefile
@@ -128,6 +128,7 @@ install-common:
 
 	install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
 	install -D -m 0440 misc/sudoers.d_qt_x11_no_mitshm $(DESTDIR)/etc/sudoers.d/qt_x11_no_mitshm
+	install -D -m 0440 misc/20_tcp_timestamps.conf $(DESTDIR)/etc/sysctl.d/20_tcp_timestamps.conf
 
 	install -d $(DESTDIR)/var/lib/qubes
 
diff --git a/misc/20_tcp_timestamps.conf b/misc/20_tcp_timestamps.conf
new file mode 100644
index 0000000..f47b8d3
--- /dev/null
+++ b/misc/20_tcp_timestamps.conf
@@ -0,0 +1 @@
+net.ipv4.tcp_timestamps=0