diff options
author | David S. Miller <davem@davemloft.net> | 2013-11-21 21:44:15 +0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-11-21 21:44:15 +0400 |
commit | cd2cc01b675007c3ce235c1f172511c6b2a3ecfa (patch) | |
tree | 4b7ac081c771061a58804d7a25f367afcbd35026 /net/ipv6 | |
parent | 3fb69bcadda6263b92dbf8dd74717cba27c77ed9 (diff) | |
parent | acab78b99633f12aa2b697474562e19c5718a1ca (diff) | |
download | linux-cd2cc01b675007c3ce235c1f172511c6b2a3ecfa.tar.xz |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
netfilter fixes for net
The following patchset contains fixes for your net tree, they are:
* Remove extra quote from connlimit configuration in Kconfig, from
Randy Dunlap.
* Fix missing mss option in syn packets sent to the backend in our
new synproxy target, from Martin Topholm.
* Use window scale announced by client when sending the forged
syn to the backend, from Martin Topholm.
* Fix IPv6 address comparison in ebtables, from Luís Fernando
Cornachioni Estrozi.
* Fix wrong endianess in sequence adjustment which breaks helpers
in NAT configurations, from Phil Oester.
* Fix the error path handling of nft_compat, from me.
* Make sure the global conntrack counter is decremented after the
object has been released, also from me.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_SYNPROXY.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index bf9f612c1bc2..f78f41aca8e9 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c @@ -259,6 +259,7 @@ synproxy_recv_client_ack(const struct synproxy_net *snet, this_cpu_inc(snet->stats->cookie_valid); opts->mss = mss; + opts->options |= XT_SYNPROXY_OPT_MSS; if (opts->options & XT_SYNPROXY_OPT_TIMESTAMP) synproxy_check_timestamp_cookie(opts); |