From f8fa89b245d929aee9884937fdcf44a6551df4cf Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Fri, 9 Aug 2024 14:21:59 +1000
Subject: [PATCH] Add details on `tcp_timestamps`

---
 usr/lib/sysctl.d/990-security-misc.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 800e626..481f463 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -347,9 +347,14 @@ net.ipv6.conf.default.accept_ra=0
 #net.ipv4.tcp_dsack=0
 ## Disable TCP timestamps to limit device fingerprinting via system time.
+## Timestamps allows round-trip time measurement and protection against wrapped sequence numbers.
+## Disabling timestamps on very fast links is likely to cause TCP Sequence Numbers to wrap.
+## Segments with wrapped numbers will be incorrectly discarded, reducing network performance.
 ##
+## https://datatracker.ietf.org/doc/html/rfc1323
 ## https://forums.whonix.org/t/do-ntp-and-tcp-timestamps-really-leak-your-local-time/7824
 ## https://web.archive.org/web/20170201160732/https://mailman.boum.org/pipermail/tails-dev/2013-December/004520.html
+## https://access.redhat.com/sites/default/files/attachments/20150325_network_performance_tuning.pdf
 ##
 net.ipv4.tcp_timestamps=0