summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2017-08-28 18:00:12 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2017-08-28 19:14:30 +0300
commit1aff64715edb8565e99337b842d814d636641b50 (patch)
tree8f80e1393cecea031f7c6da6c41ed0c747309910
parentd11dd6cdc3883f3c74f841f4d40dfe57c0b9756c (diff)
downloadlinux-1aff64715edb8565e99337b842d814d636641b50.tar.xz
netfilter: rt: account for tcp header size too
This needs to accout for the ipv4/ipv6 header size and the tcp header without options. Fixes: 6b5dc98e8fac0 ("netfilter: rt: add support to fetch path mss") Reported-by: Matteo Croce <technoboy85@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nft_rt.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_rt.c b/net/netfilter/nft_rt.c
index 61fd3acaa3c9..a6b7d05aeacf 100644
--- a/net/netfilter/nft_rt.c
+++ b/net/netfilter/nft_rt.c
@@ -35,10 +35,11 @@ static u16 get_tcpmss(const struct nft_pktinfo *pkt, const struct dst_entry *skb
switch (nft_pf(pkt)) {
case NFPROTO_IPV4:
fl.u.ip4.daddr = ip_hdr(skb)->saddr;
- minlen = sizeof(struct iphdr);
+ minlen = sizeof(struct iphdr) + sizeof(struct tcphdr);
break;
case NFPROTO_IPV6:
fl.u.ip6.daddr = ipv6_hdr(skb)->saddr;
+ minlen = sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
break;
}