netfilter: synproxy: send mss option to backend
authorMartin Topholm <mph@one.com>
Thu, 14 Nov 2013 14:35:30 +0000 (15:35 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 18 Nov 2013 11:53:36 +0000 (12:53 +0100)
When the synproxy_parse_options is called on the client ack the mss
option will not be present. Consequently mss wont be included in the
backend syn packet, which falls back to 536 bytes mss.

Therefore XT_SYNPROXY_OPT_MSS is explicitly flagged when recovering mss
value from cookie.

Signed-off-by: Martin Topholm <mph@one.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/ipt_SYNPROXY.c
net/ipv6/netfilter/ip6t_SYNPROXY.c

index 01cffeaa0085ede5bb802999fc1f29c9e6ec4b7f..f13bd91d9a56774f58dcf14de892b2bedd855cc5 100644 (file)
@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
        this_cpu_inc(snet->stats->cookie_valid);
        opts->mss = mss;
+       opts->options |= XT_SYNPROXY_OPT_MSS;
 
        if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
                synproxy_check_timestamp_cookie(opts);
index bf9f612c1bc24eb9eb0b26fbf7d0a62f74932735..f78f41aca8e90967a026a145f938746ce317cf10 100644 (file)
@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
 
        this_cpu_inc(snet->stats->cookie_valid);
        opts->mss = mss;
+       opts->options |= XT_SYNPROXY_OPT_MSS;
 
        if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
                synproxy_check_timestamp_cookie(opts);