aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/netfilter/xt_TCPMSS.c42
1 files changed, 13 insertions, 29 deletions
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 217e2b68632..beb5094703c 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -147,17 +147,21 @@ tcpmss_mangle_packet(struct sk_buff *skb,
147 return TCPOLEN_MSS; 147 return TCPOLEN_MSS;
148} 148}
149 149
150static u_int32_t tcpmss_reverse_mtu4(const struct iphdr *iph) 150static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
151 unsigned int family)
151{ 152{
152 struct flowi fl = { 153 struct flowi fl = {};
153 .fl4_dst = iph->saddr,
154 };
155 const struct nf_afinfo *ai; 154 const struct nf_afinfo *ai;
156 struct rtable *rt = NULL; 155 struct rtable *rt = NULL;
157 u_int32_t mtu = ~0U; 156 u_int32_t mtu = ~0U;
158 157
158 if (family == PF_INET)
159 fl.fl4_dst = ip_hdr(skb)->saddr;
160 else
161 fl.fl6_dst = ipv6_hdr(skb)->saddr;
162
159 rcu_read_lock(); 163 rcu_read_lock();
160 ai = nf_get_afinfo(AF_INET); 164 ai = nf_get_afinfo(family);
161 if (ai != NULL) 165 if (ai != NULL)
162 ai->route((struct dst_entry **)&rt, &fl); 166 ai->route((struct dst_entry **)&rt, &fl);
163 rcu_read_unlock(); 167 rcu_read_unlock();
@@ -178,7 +182,8 @@ tcpmss_tg4(struct sk_buff *skb, const struct net_device *in,
178 __be16 newlen; 182 __be16 newlen;
179 int ret; 183 int ret;
180 184
181 ret = tcpmss_mangle_packet(skb, targinfo, tcpmss_reverse_mtu4(iph), 185 ret = tcpmss_mangle_packet(skb, targinfo,
186 tcpmss_reverse_mtu(skb, PF_INET),
182 iph->ihl * 4, 187 iph->ihl * 4,
183 sizeof(*iph) + sizeof(struct tcphdr)); 188 sizeof(*iph) + sizeof(struct tcphdr));
184 if (ret < 0) 189 if (ret < 0)
@@ -193,28 +198,6 @@ tcpmss_tg4(struct sk_buff *skb, const struct net_device *in,
193} 198}
194 199
195#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 200#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
196static u_int32_t tcpmss_reverse_mtu6(const struct ipv6hdr *iph)
197{
198 struct flowi fl = {
199 .fl6_dst = iph->saddr,
200 };
201 const struct nf_afinfo *ai;
202 struct rtable *rt = NULL;
203 u_int32_t mtu = ~0U;
204
205 rcu_read_lock();
206 ai = nf_get_afinfo(AF_INET6);
207 if (ai != NULL)
208 ai->route((struct dst_entry **)&rt, &fl);
209 rcu_read_unlock();
210
211 if (rt != NULL) {
212 mtu = dst_mtu(&rt->u.dst);
213 dst_release(&rt->u.dst);
214 }
215 return mtu;
216}
217
218static unsigned int 201static unsigned int
219tcpmss_tg6(struct sk_buff *skb, const struct net_device *in, 202tcpmss_tg6(struct sk_buff *skb, const struct net_device *in,
220 const struct net_device *out, unsigned int hooknum, 203 const struct net_device *out, unsigned int hooknum,
@@ -229,7 +212,8 @@ tcpmss_tg6(struct sk_buff *skb, const struct net_device *in,
229 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr); 212 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr);
230 if (tcphoff < 0) 213 if (tcphoff < 0)
231 return NF_DROP; 214 return NF_DROP;
232 ret = tcpmss_mangle_packet(skb, targinfo, tcpmss_reverse_mtu6(ipv6h), 215 ret = tcpmss_mangle_packet(skb, targinfo,
216 tcpmss_reverse_mtu(skb, PF_INET6),
233 tcphoff, 217 tcphoff,
234 sizeof(*ipv6h) + sizeof(struct tcphdr)); 218 sizeof(*ipv6h) + sizeof(struct tcphdr));
235 if (ret < 0) 219 if (ret < 0)