aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Topholm <mph@one.com>2013-11-14 09:35:30 -0500
committerPablo Neira Ayuso <pablo@netfilter.org>2013-11-18 06:53:36 -0500
commita6441b7a39f18acb68c83cd738f1310881aa8a0b (patch)
tree4a7eee423866ce6ee48c8a64ba43c30fbe2e97ee
parent4819224853dff325f0aabdb3dc527d768fa482e3 (diff)
netfilter: synproxy: send mss option to backend
When the synproxy_parse_options is called on the client ack the mss option will not be present. Consequently mss wont be included in the backend syn packet, which falls back to 536 bytes mss. Therefore XT_SYNPROXY_OPT_MSS is explicitly flagged when recovering mss value from cookie. Signed-off-by: Martin Topholm <mph@one.com> Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/ipv4/netfilter/ipt_SYNPROXY.c1
-rw-r--r--net/ipv6/netfilter/ip6t_SYNPROXY.c1
2 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 01cffeaa0085..f13bd91d9a56 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
244 244
245 this_cpu_inc(snet->stats->cookie_valid); 245 this_cpu_inc(snet->stats->cookie_valid);
246 opts->mss = mss; 246 opts->mss = mss;
247 opts->options |= XT_SYNPROXY_OPT_MSS;
247 248
248 if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) 249 if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
249 synproxy_check_timestamp_cookie(opts); 250 synproxy_check_timestamp_cookie(opts);
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index bf9f612c1bc2..f78f41aca8e9 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
259 259
260 this_cpu_inc(snet->stats->cookie_valid); 260 this_cpu_inc(snet->stats->cookie_valid);
261 opts->mss = mss; 261 opts->mss = mss;
262 opts->options |= XT_SYNPROXY_OPT_MSS;
262 263
263 if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) 264 if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
264 synproxy_check_timestamp_cookie(opts); 265 synproxy_check_timestamp_cookie(opts);