diff options
| author | Fernando Fernandez Mancera | 2019-07-10 12:05:57 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2019-07-16 13:17:01 +0200 |
| commit | b83329fb473f29d34d85d642e3a3313bb2871fa9 (patch) | |
| tree | 446974de0e1933d23c2b080b815a31b473b3f736 /net/netfilter | |
| parent | netfilter: nf_tables: fix module autoload for redir (diff) | |
| download | kernel-qcow2-linux-b83329fb473f29d34d85d642e3a3313bb2871fa9.tar.gz kernel-qcow2-linux-b83329fb473f29d34d85d642e3a3313bb2871fa9.tar.xz kernel-qcow2-linux-b83329fb473f29d34d85d642e3a3313bb2871fa9.zip | |
netfilter: synproxy: fix erroneous tcp mss option
Now synproxy sends the mss value set by the user on client syn-ack packet
instead of the mss value that client announced.
Fixes: 48b1de4c110a ("netfilter: add SYNPROXY core/target")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_synproxy_core.c | 4 | ||||
| -rw-r--r-- | net/netfilter/nft_synproxy.c | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c index b101f187eda8..09718e5a9e41 100644 --- a/net/netfilter/nf_synproxy_core.c +++ b/net/netfilter/nf_synproxy_core.c @@ -470,7 +470,7 @@ synproxy_send_client_synack(struct net *net, struct iphdr *iph, *niph; struct tcphdr *nth; unsigned int tcp_hdr_size; - u16 mss = opts->mss; + u16 mss = opts->mss_encode; iph = ip_hdr(skb); @@ -884,7 +884,7 @@ synproxy_send_client_synack_ipv6(struct net *net, struct ipv6hdr *iph, *niph; struct tcphdr *nth; unsigned int tcp_hdr_size; - u16 mss = opts->mss; + u16 mss = opts->mss_encode; iph = ipv6_hdr(skb); diff --git a/net/netfilter/nft_synproxy.c b/net/netfilter/nft_synproxy.c index 80060ade8a5b..928e661d1517 100644 --- a/net/netfilter/nft_synproxy.c +++ b/net/netfilter/nft_synproxy.c @@ -31,6 +31,8 @@ static void nft_synproxy_tcp_options(struct synproxy_options *opts, opts->options |= NF_SYNPROXY_OPT_ECN; opts->options &= priv->info.options; + opts->mss_encode = opts->mss; + opts->mss = info->mss; if (opts->options & NF_SYNPROXY_OPT_TIMESTAMP) synproxy_init_timestamp_cookie(info, opts); else |