From patchwork Thu Nov 14 14:35:30 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Martin Topholm X-Patchwork-Id: 291251 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 6D9AF2C00C6 for ; Fri, 15 Nov 2013 01:43:58 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754024Ab3KNOnx (ORCPT ); Thu, 14 Nov 2013 09:43:53 -0500 Received: from kontorsmtp2.one.com ([195.47.247.17]:41966 "EHLO kontorsmtp2.one.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753746Ab3KNOnt (ORCPT ); Thu, 14 Nov 2013 09:43:49 -0500 Received: from localhost.localdomain (unknown [46.30.211.31]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by kontorsmtp2.one.com (Postfix) with ESMTP id B6522AED8; Thu, 14 Nov 2013 15:35:34 +0100 (CET) From: Martin Topholm To: pablo@netfilter.org Cc: brouer@redhat.com, kaber@trash.net, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH 1/2] netfilter: synproxy: send mss option to backend Date: Thu, 14 Nov 2013 15:35:30 +0100 Message-Id: <1384439731-16296-2-git-send-email-mph@one.com> X-Mailer: git-send-email 1.8.4 In-Reply-To: <1384439731-16296-1-git-send-email-mph@one.com> References: <1384439731-16296-1-git-send-email-mph@one.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org When the synproxy_parse_options is called on the client ack the mss option will not be present. Consequently mss wont be included in the backend syn packet, which falls back to 536 bytes mss. Therefore XT_SYNPROXY_OPT_MSS is explicitly flagged when recovering mss value from cookie. Signed-off-by: Martin Topholm Reviewed-by: Jesper Dangaard Brouer --- net/ipv4/netfilter/ipt_SYNPROXY.c | 1 + net/ipv6/netfilter/ip6t_SYNPROXY.c | 1 + 2 files changed, 2 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c index 01cffea..f13bd91 100644 --- a/net/ipv4/netfilter/ipt_SYNPROXY.c +++ b/net/ipv4/netfilter/ipt_SYNPROXY.c @@ -244,6 +244,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet, this_cpu_inc(snet->stats->cookie_valid); opts->mss = mss; + opts->options |= XT_SYNPROXY_OPT_MSS; if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) synproxy_check_timestamp_cookie(opts); diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index bf9f612..f78f41a 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c @@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet, this_cpu_inc(snet->stats->cookie_valid); opts->mss = mss; + opts->options |= XT_SYNPROXY_OPT_MSS; if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) synproxy_check_timestamp_cookie(opts);