netfilter: rt: account for tcp header size too

This needs to accout for the ipv4/ipv6 header size and the tcp header without options. Fixes: 6b5dc98e8fac0 ("netfilter: rt: add support to fetch path mss") Reported-by: Matteo Croce <technoboy85@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-08-28 17:00:12 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-08-28 18:14:30 +0200
commit: 1aff64715edb8565e99337b842d814d636641b50 (patch)
tree: 8f80e1393cecea031f7c6da6c41ed0c747309910 /net
parent: d11dd6cdc3883f3c74f841f4d40dfe57c0b9756c (diff)
download: linux-stable-1aff64715edb8565e99337b842d814d636641b50.tar.gz
linux-stable-1aff64715edb8565e99337b842d814d636641b50.tar.bz2
linux-stable-1aff64715edb8565e99337b842d814d636641b50.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_rt.c b/net/netfilter/nft_rt.c
index 61fd3acaa3c9..a6b7d05aeacf 100644
--- a/net/netfilter/nft_rt.c
+++ b/net/netfilter/nft_rt.c
@@ -35,10 +35,11 @@ static u16 get_tcpmss(const struct nft_pktinfo *pkt, const struct dst_entry *skb
 	switch (nft_pf(pkt)) {
 	case NFPROTO_IPV4:
 		fl.u.ip4.daddr = ip_hdr(skb)->saddr;
-		minlen = sizeof(struct iphdr);
+		minlen = sizeof(struct iphdr) + sizeof(struct tcphdr);
 		break;
 	case NFPROTO_IPV6:
 		fl.u.ip6.daddr = ipv6_hdr(skb)->saddr;
+		minlen = sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
 		break;
 	}
author	Florian Westphal <fw@strlen.de>	2017-08-28 17:00:12 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-08-28 18:14:30 +0200
commit	1aff64715edb8565e99337b842d814d636641b50 (patch)
tree	8f80e1393cecea031f7c6da6c41ed0c747309910 /net
parent	d11dd6cdc3883f3c74f841f4d40dfe57c0b9756c (diff)
download	linux-stable-1aff64715edb8565e99337b842d814d636641b50.tar.gz linux-stable-1aff64715edb8565e99337b842d814d636641b50.tar.bz2 linux-stable-1aff64715edb8565e99337b842d814d636641b50.zip