Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7722e0d1 authored by Gao feng's avatar Gao feng Committed by Pablo Neira Ayuso
Browse files

netfilter: xt_TCPMSS: lookup route from proper net namespace 



Otherwise the pmtu will be incorrect.

Signed-off-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent de1389b1

net/netfilter/xt_TCPMSS.c

+5 −3
Original line number Diff line number Diff line
@@ -43,7 +43,8 @@ optlen(const u_int8_t *opt, unsigned int offset) 
		return opt[offset+1];

}



static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,

static u_int32_t tcpmss_reverse_mtu(struct net *net,

				    const struct sk_buff *skb,

				    unsigned int family)

{

	struct flowi fl;
@@ -64,7 +65,7 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb, 
	rcu_read_lock();

	ai = nf_get_afinfo(family);

	if (ai != NULL)

		ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);

		ai->route(net, (struct dst_entry **)&rt, &fl, false);

	rcu_read_unlock();



	if (rt != NULL) {
@@ -107,7 +108,8 @@ tcpmss_mangle_packet(struct sk_buff *skb, 
		return -1;



	if (info->mss == XT_TCPMSS_CLAMP_PMTU) {

		unsigned int in_mtu = tcpmss_reverse_mtu(skb, family);

		struct net *net = dev_net(par->in ? par->in : par->out);

		unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);



		if (dst_mtu(skb_dst(skb)) <= minlen) {

			net_err_ratelimited("unknown or invalid path-MTU (%u)\n",