netfilter: synproxy: send mss option to backend

Linux-MTD Mailing List linux-mtd at lists.infradead.org
Fri Nov 22 17:59:06 EST 2013 

Gitweb:     http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=a6441b7a39f18acb68c83cd738f1310881aa8a0b
Commit:     a6441b7a39f18acb68c83cd738f1310881aa8a0b
Parent:     4819224853dff325f0aabdb3dc527d768fa482e3
Author:     Martin Topholm <mph at one.com>
AuthorDate: Thu Nov 14 15:35:30 2013 +0100
Committer:  Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Mon Nov 18 12:53:36 2013 +0100

    netfilter: synproxy: send mss option to backend
    
    When the synproxy_parse_options is called on the client ack the mss
    option will not be present. Consequently mss wont be included in the
    backend syn packet, which falls back to 536 bytes mss.
    
    Therefore XT_SYNPROXY_OPT_MSS is explicitly flagged when recovering mss
    value from cookie.
    
    Signed-off-by: Martin Topholm <mph at one.com>
    Reviewed-by: Jesper Dangaard Brouer <brouer at redhat.com>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
---
 net/ipv4/netfilter/ipt_SYNPROXY.c  | 1 +
 net/ipv6/netfilter/ip6t_SYNPROXY.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 01cffea..f13bd91 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
 	this_cpu_inc(snet->stats->cookie_valid);
 	opts->mss = mss;
+	opts->options |= XT_SYNPROXY_OPT_MSS;
 
 	if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
 		synproxy_check_timestamp_cookie(opts);
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index bf9f612..f78f41a 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
 	this_cpu_inc(snet->stats->cookie_valid);
 	opts->mss = mss;
+	opts->options |= XT_SYNPROXY_OPT_MSS;
 
 	if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
 		synproxy_check_timestamp_cookie(opts);

More information about the linux-mtd-cvs mailing list