linux/net/ipv4/netfilter
Martin Topholm a6441b7a39 netfilter: synproxy: send mss option to backend
When the synproxy_parse_options is called on the client ack the mss
option will not be present. Consequently mss wont be included in the
backend syn packet, which falls back to 536 bytes mss.

Therefore XT_SYNPROXY_OPT_MSS is explicitly flagged when recovering mss
value from cookie.

Signed-off-by: Martin Topholm <mph@one.com>
Reviewed-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-11-18 12:53:36 +01:00
..
Kconfig netfilter: nf_tables: add ARP filtering support 2013-10-14 18:01:03 +02:00
Makefile netfilter: nf_tables: add ARP filtering support 2013-10-14 18:01:03 +02:00
arp_tables.c netfilter: x_tables: fix ordering of jumpstack allocation and table update 2013-10-22 10:11:29 +02:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip_tables.c netfilter: x_tables: fix ordering of jumpstack allocation and table update 2013-10-22 10:11:29 +02:00
ipt_CLUSTERIP.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-11-04 19:46:58 -05:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
ipt_REJECT.c netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged 2013-08-28 00:13:12 +02:00
ipt_SYNPROXY.c netfilter: synproxy: send mss option to backend 2013-11-18 12:53:36 +01:00
ipt_ULOG.c netfilter: ipt_ULOG: fix info leaks 2013-10-02 17:28:36 +02:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_rpfilter.c netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too 2013-04-19 00:11:59 +02:00
iptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_mangle.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_nat.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_raw.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_security.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
nf_conntrack_l3proto_ipv4.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto_icmp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_defrag_ipv4.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
nf_nat_h323.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_l3proto_ipv4.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_gre.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_icmp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_snmp_basic.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_tables_arp.c netfilter: nf_tables: add ARP filtering support 2013-10-14 18:01:03 +02:00
nf_tables_ipv4.c netfilter: nf_tables: remove duplicated include from nf_tables_ipv4.c 2013-11-03 22:36:25 +01:00
nft_chain_nat_ipv4.c netfilter: nf_tables: Add support for IPv6 NAT 2013-10-14 18:00:58 +02:00
nft_chain_route_ipv4.c netfilter: nf_tables: add compatibility layer for x_tables 2013-10-14 18:00:04 +02:00
nft_reject_ipv4.c netfilter: nf_tables: expression ops overloading 2013-10-14 17:16:08 +02:00