Correct way & which parameter to disable tcp_timestamp in Solaris x86

I'm on Solaris x86  10 & 11.

Q1:
What's the right way to disable tcp_timestamp?

http://www.cns.nyu.edu/~fan/sun-docs/sol10-01-13/html/E37386/chapter4-31.html
Above link does not have any parameters for tcp_timestamps (guess there is an 's' at
the back) & the closest is tcp_tstamp_always

Q2:
At some other URLs, it gave the same method as setting it in RHEL ie
   echo 0 > /proc/sys/net/ipv4/tcp_timestamps     &
add line below to etc/sysctl.conf (create the file if it does not already exist):
   net.ipv4.tcp_timestamps = 0

Q3:
if sysctl.conf does not exist, is that the only line to add in or we ought to
add a few other lines to make the parameters "balanced".  I recall I used
to tweak /etc/system & several parameters need to be inside this system file
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

savoneCommented:
I am not sure about Solaris, but in Linux you would edit the /etc/sysctl.conf file.  And edit or add the following line to make it look like this:

net.ipv4.tcp_timestamps = 0
0
sunhuxAuthor Commented:
Thanks;  but I'll need it specifically for Solaris x86  Ver 10 & 11
0
savoneCommented:
Just have to do some googling.... Looks to be the same for Solaris according to Oracle.

https://docs.oracle.com/cd/E26576_01/doc.312/e24936/tuning-os.htm

Quote:
Additionally, create an /etc/sysctl.conf file and append it with the following values:

<-- begin
 #Disables packet forwarding
net.ipv4.ip_forward = 0
#Enables source route verification
net.ipv4.conf.default.rp_filter = 1
#Disables the magic-sysrq key
kernel.sysrq = 0
fs.file-max=65536
vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_max= 262143
net.core.rmem_default = 262143
net.ipv4.tcp_rmem = 4096 131072 262143
net.ipv4.tcp_wmem = 4096 131072 262143
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
kernel.shmmax = 67108864
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

gheistCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sunhuxAuthor Commented:
I'm confused as understand from Savone's link the parameter is tcp_timestamps but Gheist's link  indicates  tcp_tstamp_always

So if the file sysctl.conf is not there, I'll need to create one & enter all
those lines indicated by Savone & not just one line?
0
sunhuxAuthor Commented:
Instead of sysctl.conf, link below indicates /etc/system :
http://slaptijack.com/system-administration/solaris-tcp-performance-tuning/

I'm on Solaris x86  Ver 10 & 11  (running in VMs)
0
sunhuxAuthor Commented:
I'm confused, which of the 3 variations below to choose (note that
I don't have the luxury to test it out) :

echo 0 > /proc/sys/net/ipv4/tcp_tstamp_always
     OR
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
     OR
sudo ndd -set /dev/tcp tcp_tstamp_if_wscale 0   ??
0
sunhuxAuthor Commented:
Does Solaris x86  V10/11 comes preinstalled with iptables ?
0
savoneCommented:
The link I gave you is from Oracle directly.

"Additionally, create an /etc/sysctl.conf file and append it with the following values"

You have to CREATE the file.

You ONLY have to add the lines that pertain to what you are trying to do, not ALL of them.

In your case this line:
net.ipv4.tcp_timestamps = 0

Good luck!
0
sunhuxAuthor Commented:
But the link Gheist gave is also from Oracle

If only I have the luxury of testing them out...
0
savoneCommented:
The link Gheist gave you is from slaptijack.com, but it about Solaris.

Here is a thread on testing tcp timestamps for RedHat, perhaps it will work for you.

http://www.experts-exchange.com/Security/Operating_Systems_Security/Linux/Q_28461153.html
0
sunhuxAuthor Commented:
The slaptijack link is from me.

What Gheist gave & it indicates another parameter tcp_tstamp_always :
https://docs.oracle.com/cd/E19455-01/816-0607/6m735r5ga/index.html
0
sunhuxAuthor Commented:
Managed to get hold of a Solaris x86 to verify:

ndd -set /dev/tcp tcp_tstamp_if_wscale 1
& add the above line into /etc/system

(I wud rather add it as /etc/init.d/S99diststamp startup script
0
sunhuxAuthor Commented:
No iptables in our Solaris x86
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.