[2/2] netfilter: synproxy: correct wscale option passing

Message ID	1384439731-16296-3-git-send-email-mph@one.com
State	Awaiting Upstream, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Martin Topholm <mph@one.com> To: pablo@netfilter.org Cc: brouer@redhat.com, kaber@trash.net, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH 2/2] netfilter: synproxy: correct wscale option passing Date: Thu, 14 Nov 2013 15:35:31 +0100 Message-Id: <1384439731-16296-3-git-send-email-mph@one.com> In-Reply-To: <1384439731-16296-1-git-send-email-mph@one.com> References: <1384439731-16296-1-git-send-email-mph@one.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

1384439731-16296-3-git-send-email-mph@one.com

State

Awaiting Upstream, archived

Delegated to:

David Miller

Headers

From: Martin Topholm <mph@one.com>
To: pablo@netfilter.org
Cc: brouer@redhat.com, kaber@trash.net,
	netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH 2/2] netfilter: synproxy: correct wscale option passing
Date: Thu, 14 Nov 2013 15:35:31 +0100
Message-Id: <1384439731-16296-3-git-send-email-mph@one.com>
In-Reply-To: <1384439731-16296-1-git-send-email-mph@one.com>
References: <1384439731-16296-1-git-send-email-mph@one.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Martin Topholm Nov. 14, 2013, 2:35 p.m. UTC

Timestamp are used to store additional syncookie parameters such as sack,
ecn, and wscale. The wscale value we need to encode is the client's
wscale, since we can't recover that later in the session. Next overwrite
the wscale option so the later synproxy_send_client_synack will send
the backend's wscale to the client.

Signed-off-by: Martin Topholm <mph@one.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
---
 net/netfilter/nf_synproxy_core.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Pablo Neira Ayuso Nov. 19, 2013, 2:35 p.m. UTC | #1

On Thu, Nov 14, 2013 at 03:35:31PM +0100, Martin Topholm wrote:
> Timestamp are used to store additional syncookie parameters such as sack,
> ecn, and wscale. The wscale value we need to encode is the client's
> wscale, since we can't recover that later in the session. Next overwrite
> the wscale option so the later synproxy_send_client_synack will send
> the backend's wscale to the client.

Also applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
index cdf4567..9858e3e 100644
--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -151,9 +151,10 @@  void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
 	opts->tsecr = opts->tsval;
 	opts->tsval = tcp_time_stamp & ~0x3f;
 
-	if (opts->options & XT_SYNPROXY_OPT_WSCALE)
-		opts->tsval |= info->wscale;
-	else
+	if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
+		opts->tsval |= opts->wscale;
+		opts->wscale = info->wscale;
+	} else
 		opts->tsval |= 0xf;
 
 	if (opts->options & XT_SYNPROXY_OPT_SACK_PERM)

[2/2] netfilter: synproxy: correct wscale option passing

Commit Message

Comments

Patch