diff options
author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-07-10 12:05:57 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-16 13:17:01 +0200 |
commit | b83329fb473f29d34d85d642e3a3313bb2871fa9 (patch) | |
tree | 446974de0e1933d23c2b080b815a31b473b3f736 /net/ipv6 | |
parent | f41828ee10b36644bb2b2bfa9dd1d02f55aa0516 (diff) | |
download | linux-stable-b83329fb473f29d34d85d642e3a3313bb2871fa9.tar.gz linux-stable-b83329fb473f29d34d85d642e3a3313bb2871fa9.tar.bz2 linux-stable-b83329fb473f29d34d85d642e3a3313bb2871fa9.zip |
netfilter: synproxy: fix erroneous tcp mss option
Now synproxy sends the mss value set by the user on client syn-ack packet
instead of the mss value that client announced.
Fixes: 48b1de4c110a ("netfilter: add SYNPROXY core/target")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_SYNPROXY.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index e77ea1ed5edd..5cdb4a69d277 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c @@ -36,6 +36,8 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par) opts.options |= XT_SYNPROXY_OPT_ECN; opts.options &= info->options; + opts.mss_encode = opts.mss; + opts.mss = info->mss; if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP) synproxy_init_timestamp_cookie(info, &opts); else |