From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 2/7] netfilter: synproxy: send mss option to backend
Date: Thu, 21 Nov 2013 10:05:23 +0100
Message-ID: <1385024728-4057-3-git-send-email-pablo@netfilter.org>
In-Reply-To: <1385024728-4057-1-git-send-email-pablo@netfilter.org>
From: Martin Topholm <mph@one.com>

When the synproxy_parse_options is called on the client ack the mss
option will not be present. Consequently mss won't be included in the
backend syn packet, which falls back to 536 bytes mss.

Therefore XT_SYNPROXY_OPT_MSS is explicitly flagged when recovering mss
value from cookie.

Signed-off-by: Martin Topholm <mph@one.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/ipv4/netfilter/ipt_SYNPROXY.c | 1 +
net/ipv6/netfilter/ip6t_SYNPROXY.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 01cffea..f13bd91 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
this_cpu_inc(snet->stats->cookie_valid);
opts->mss = mss;
+ opts->options |= XT_SYNPROXY_OPT_MSS;
if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
synproxy_check_timestamp_cookie(opts);
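Review bot: the added `opts->options |= XT_SYNPROXY_OPT_MSS;` directly after `opts->mss = mss;` carries no comment, and without one it reads as if it overrides whatever option parsing found on the client ACK. A one-line comment stating that the ACK carries no MSS option and that the value is the one recovered from the cookie would make the intent clear to the next reader. Since the flag is now set unconditionally, it is also worth confirming that `mss` is always a usable value at this point; the hunk sits after the `cookie_valid` increment, which suggests the cookie has already been validated, but the check itself is not visible in this context.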
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index bf9f612..f78f41a 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
this_cpu_inc(snet->stats->cookie_valid);
opts->mss = mss;
+ opts->options |= XT_SYNPROXY_OPT_MSS;
if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
synproxy_check_timestamp_cookie(opts);
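Review bot: the `opts->mss = mss;` / `opts->options |= XT_SYNPROXY_OPT_MSS;` pair in the IPv6 synproxy_recv_client_ack() now duplicates the IPv4 one line for line, so value and flag have to be kept in sync by hand across two files. Consider a small shared helper that sets both together, so a future change to one address family cannot leave the other sending a backend SYN without the MSS option again. The missing-comment point on the forced flag applies here as well.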
--
1.7.10.4
Thread overview: 11+ messages
2013-11-21 9:05 [PATCH 0/7] netfilter fixes for net Pablo Neira Ayuso
2013-11-21 9:05 ` [PATCH 1/7] netfilter: fix connlimit Kconfig prompt string Pablo Neira Ayuso
2013-11-21 9:05 ` Pablo Neira Ayuso [this message]
2013-11-21 9:05 ` [PATCH 3/7] netfilter: synproxy: correct wscale option passing Pablo Neira Ayuso
2013-11-22 17:19 ` Sergei Shtylyov
2013-11-21 9:05 ` [PATCH 4/7] netfilter: fix wrong byte order in nf_ct_seqadj_set internal information Pablo Neira Ayuso
2013-11-22 17:16 ` Sergei Shtylyov
2013-11-21 9:05 ` [PATCH 5/7] netfilter: nft_compat: fix error path in nft_parse_compat() Pablo Neira Ayuso
2013-11-21 9:05 ` [PATCH 6/7] netfilter: nf_conntrack: decrement global counter after object release Pablo Neira Ayuso
2013-11-21 9:05 ` [PATCH 7/7] netfilter: ebt_ip6: fix source and destination matching Pablo Neira Ayuso
2013-11-21 17:45 ` [PATCH 0/7] netfilter fixes for net David Miller