diff options
| author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-07-10 06:05:57 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-16 07:17:01 -0400 |
| commit | b83329fb473f29d34d85d642e3a3313bb2871fa9 (patch) | |
| tree | 446974de0e1933d23c2b080b815a31b473b3f736 /net/ipv4 | |
| parent | f41828ee10b36644bb2b2bfa9dd1d02f55aa0516 (diff) | |
netfilter: synproxy: fix erroneous tcp mss option
Now synproxy sends the mss value set by the user on client syn-ack packet
instead of the mss value that client announced.
Fixes: 48b1de4c110a ("netfilter: add SYNPROXY core/target")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ipt_SYNPROXY.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c index 8e7f84ec783d..0e70f3f65f6f 100644 --- a/net/ipv4/netfilter/ipt_SYNPROXY.c +++ b/net/ipv4/netfilter/ipt_SYNPROXY.c | |||
| @@ -36,6 +36,8 @@ synproxy_tg4(struct sk_buff *skb, const struct xt_action_param *par) | |||
| 36 | opts.options |= XT_SYNPROXY_OPT_ECN; | 36 | opts.options |= XT_SYNPROXY_OPT_ECN; |
| 37 | 37 | ||
| 38 | opts.options &= info->options; | 38 | opts.options &= info->options; |
| 39 | opts.mss_encode = opts.mss; | ||
| 40 | opts.mss = info->mss; | ||
| 39 | if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP) | 41 | if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP) |
| 40 | synproxy_init_timestamp_cookie(info, &opts); | 42 | synproxy_init_timestamp_cookie(info, &opts); |
| 41 | else | 43 | else |