diff mbox

[3/7] netfilter: synproxy: correct wscale option passing

Message ID 1385024728-4057-4-git-send-email-pablo@netfilter.org
State Accepted
Headers show

Commit Message

Pablo Neira Ayuso Nov. 21, 2013, 9:05 a.m. UTC 
From: Martin Topholm <mph@one.com>

Timestamp are used to store additional syncookie parameters such as sack,
ecn, and wscale. The wscale value we need to encode is the client's
wscale, since we can't recover that later in the session. Next overwrite
the wscale option so the later synproxy_send_client_synack will send
the backend's wscale to the client.

Signed-off-by: Martin Topholm <mph@one.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_synproxy_core.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Sergei Shtylyov Nov. 22, 2013, 5:19 p.m. UTC | #1 
Hello.

On 21-11-2013 13:05, Pablo Neira Ayuso wrote:

> From: Martin Topholm <mph@one.com>

> Timestamp are used to store additional syncookie parameters such as sack,
> ecn, and wscale. The wscale value we need to encode is the client's
> wscale, since we can't recover that later in the session. Next overwrite
> the wscale option so the later synproxy_send_client_synack will send
> the backend's wscale to the client.

> Signed-off-by: Martin Topholm <mph@one.com>
> Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>   net/netfilter/nf_synproxy_core.c |    7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)

> diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
> index cdf4567..9858e3e 100644
> --- a/net/netfilter/nf_synproxy_core.c
> +++ b/net/netfilter/nf_synproxy_core.c
> @@ -151,9 +151,10 @@ void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
>   	opts->tsecr = opts->tsval;
>   	opts->tsval = tcp_time_stamp & ~0x3f;
>
> -	if (opts->options & XT_SYNPROXY_OPT_WSCALE)
> -		opts->tsval |= info->wscale;
> -	else
> +	if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
> +		opts->tsval |= opts->wscale;
> +		opts->wscale = info->wscale;
> +	} else
>   		opts->tsval |= 0xf;

    According to Documentation/CodingStyle, both arms of *if* statement should 
have {} if one arm has it.

WBR, Sergei

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
index cdf4567..9858e3e 100644
--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -151,9 +151,10 @@  void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
 	opts->tsecr = opts->tsval;
 	opts->tsval = tcp_time_stamp & ~0x3f;
 
-	if (opts->options & XT_SYNPROXY_OPT_WSCALE)
-		opts->tsval |= info->wscale;
-	else
+	if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
+		opts->tsval |= opts->wscale;
+		opts->wscale = info->wscale;
+	} else
 		opts->tsval |= 0xf;
 
 	if (opts->options & XT_SYNPROXY_OPT_SACK_PERM)