ChangeSet 1.2229.1.9, 2005/03/18 10:37:41-08:00, [EMAIL PROTECTED]
[NETFILTER]: Use correct IPSEC MTU in TCPMSS
This patch makes ipt_TCPMSS use the correct MTU value for clamping.
This is a bit tricky actually since TCPMSS can be used in FORWARD,
LOCAL_OUT as well as POST_ROUTING.
In the first two cases we haven't performed IPsec yet so dst_mtu
obviously does the right thing. As it is, POST_ROUTING is performed
after xfrm_output so MSS clamping is useless there.
With Patrick's IPsec netfilter stuff, there will be a POST_ROUTING
processing before IPsec processing, in which case dst_mtu also returns
exactly what we want.
Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
ipt_TCPMSS.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff -Nru a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
--- a/net/ipv4/netfilter/ipt_TCPMSS.c 2005-03-18 14:10:04 -08:00
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c 2005-03-18 14:10:04 -08:00
@@ -87,14 +87,14 @@
return NF_DROP; /* or IPT_CONTINUE ?? */
}
- if(dst_pmtu((*pskb)->dst) <= (sizeof(struct iphdr) +
sizeof(struct tcphdr))) {
+ if(dst_mtu((*pskb)->dst) <= (sizeof(struct iphdr) +
sizeof(struct tcphdr))) {
if (net_ratelimit())
printk(KERN_ERR
- "ipt_tcpmss_target: unknown or invalid
path-MTU (%d)\n", dst_pmtu((*pskb)->dst));
+ "ipt_tcpmss_target: unknown or invalid
path-MTU (%d)\n", dst_mtu((*pskb)->dst));
return NF_DROP; /* or IPT_CONTINUE ?? */
}
- newmss = dst_pmtu((*pskb)->dst) - sizeof(struct iphdr) -
sizeof(struct tcphdr);
+ newmss = dst_mtu((*pskb)->dst) - sizeof(struct iphdr) -
sizeof(struct tcphdr);
} else
newmss = tcpmssinfo->mss;
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
