netfilter: synproxy: correct wscale option passing
authorMartin Topholm <mph@one.com>
Thu, 14 Nov 2013 14:35:31 +0000 (15:35 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 18 Nov 2013 11:53:38 +0000 (12:53 +0100)
Timestamp are used to store additional syncookie parameters such as sack,
ecn, and wscale. The wscale value we need to encode is the client's
wscale, since we can't recover that later in the session. Next overwrite
the wscale option so the later synproxy_send_client_synack will send
the backend's wscale to the client.

Signed-off-by: Martin Topholm <mph@one.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_synproxy_core.c

index cdf4567ba9b330929aec53eb1c75d57a7047106e..9858e3e51a3a049ce796b3ed625e3d3ad8bbe5cc 100644 (file)
@@ -151,9 +151,10 @@ void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
        opts->tsecr = opts->tsval;
        opts->tsval = tcp_time_stamp & ~0x3f;
 
-       if (opts->options & XT_SYNPROXY_OPT_WSCALE)
-               opts->tsval |= info->wscale;
-       else
+       if (opts->options & XT_SYNPROXY_OPT_WSCALE) {
+               opts->tsval |= opts->wscale;
+               opts->wscale = info->wscale;
+       } else
                opts->tsval |= 0xf;
 
        if (opts->options & XT_SYNPROXY_OPT_SACK_PERM)