Commit a6441b7a authored by Martin Topholm's avatar Martin Topholm Committed by Pablo Neira Ayuso

netfilter: synproxy: send mss option to backend

When the synproxy_parse_options is called on the client ack the mss
option will not be present. Consequently mss wont be included in the
backend syn packet, which falls back to 536 bytes mss.

Therefore XT_SYNPROXY_OPT_MSS is explicitly flagged when recovering mss
value from cookie.
Signed-off-by: default avatarMartin Topholm <mph@one.com>
Reviewed-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 48192248
...@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet, ...@@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
this_cpu_inc(snet->stats->cookie_valid); this_cpu_inc(snet->stats->cookie_valid);
opts->mss = mss; opts->mss = mss;
opts->options |= XT_SYNPROXY_OPT_MSS;
if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
synproxy_check_timestamp_cookie(opts); synproxy_check_timestamp_cookie(opts);
......
...@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet, ...@@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet,
this_cpu_inc(snet->stats->cookie_valid); this_cpu_inc(snet->stats->cookie_valid);
opts->mss = mss; opts->mss = mss;
opts->options |= XT_SYNPROXY_OPT_MSS;
if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP)
synproxy_check_timestamp_cookie(opts); synproxy_check_timestamp_cookie(opts);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment