Commit c1898c4c authored Nov 14, 2013 by Martin Topholm Committed by Pablo Neira Ayuso Nov 18, 2013

netfilter: synproxy: correct wscale option passing



Timestamp are used to store additional syncookie parameters such as sack,
ecn, and wscale. The wscale value we need to encode is the client's
wscale, since we can't recover that later in the session. Next overwrite
the wscale option so the later synproxy_send_client_synack will send
the backend's wscale to the client.

Signed-off-by: Martin Topholm <mph@one.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent a6441b7a

net/netfilter/nf_synproxy_core.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -151,9 +151,10 @@ void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
		opts->tsecr = opts->tsval;
		opts->tsval = tcp_time_stamp & ~0x3f;

		if (opts->options & XT_SYNPROXY_OPT_WSCALE)
		opts->tsval \|= info->wscale;
		else
		if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
		opts->tsval \|= opts->wscale;
		opts->wscale = info->wscale;
		} else
		opts->tsval \|= 0xf;

		if (opts->options & XT_SYNPROXY_OPT_SACK_PERM)