mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-10 07:10:27 +00:00
netfilter: synproxy: fix erroneous tcp mss option
Now synproxy sends the mss value set by the user on client syn-ack packet instead of the mss value that client announced. Fixes: 48b1de4c110a ("netfilter: add SYNPROXY core/target") Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
f41828ee10
commit
b83329fb47
@ -68,6 +68,7 @@ struct synproxy_options {
|
||||
u8 options;
|
||||
u8 wscale;
|
||||
u16 mss;
|
||||
u16 mss_encode;
|
||||
u32 tsval;
|
||||
u32 tsecr;
|
||||
};
|
||||
|
@ -36,6 +36,8 @@ synproxy_tg4(struct sk_buff *skb, const struct xt_action_param *par)
|
||||
opts.options |= XT_SYNPROXY_OPT_ECN;
|
||||
|
||||
opts.options &= info->options;
|
||||
opts.mss_encode = opts.mss;
|
||||
opts.mss = info->mss;
|
||||
if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP)
|
||||
synproxy_init_timestamp_cookie(info, &opts);
|
||||
else
|
||||
|
@ -36,6 +36,8 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
|
||||
opts.options |= XT_SYNPROXY_OPT_ECN;
|
||||
|
||||
opts.options &= info->options;
|
||||
opts.mss_encode = opts.mss;
|
||||
opts.mss = info->mss;
|
||||
if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP)
|
||||
synproxy_init_timestamp_cookie(info, &opts);
|
||||
else
|
||||
|
@ -470,7 +470,7 @@ synproxy_send_client_synack(struct net *net,
|
||||
struct iphdr *iph, *niph;
|
||||
struct tcphdr *nth;
|
||||
unsigned int tcp_hdr_size;
|
||||
u16 mss = opts->mss;
|
||||
u16 mss = opts->mss_encode;
|
||||
|
||||
iph = ip_hdr(skb);
|
||||
|
||||
@ -884,7 +884,7 @@ synproxy_send_client_synack_ipv6(struct net *net,
|
||||
struct ipv6hdr *iph, *niph;
|
||||
struct tcphdr *nth;
|
||||
unsigned int tcp_hdr_size;
|
||||
u16 mss = opts->mss;
|
||||
u16 mss = opts->mss_encode;
|
||||
|
||||
iph = ipv6_hdr(skb);
|
||||
|
||||
|
@ -31,6 +31,8 @@ static void nft_synproxy_tcp_options(struct synproxy_options *opts,
|
||||
opts->options |= NF_SYNPROXY_OPT_ECN;
|
||||
|
||||
opts->options &= priv->info.options;
|
||||
opts->mss_encode = opts->mss;
|
||||
opts->mss = info->mss;
|
||||
if (opts->options & NF_SYNPROXY_OPT_TIMESTAMP)
|
||||
synproxy_init_timestamp_cookie(info, opts);
|
||||
else
|
||||
|
Loading…
x
Reference in New Issue
Block a user