Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

netfilter: xt_TCPMSS: lookup route from proper net namespace

Browse source 
Otherwise the pmtu will be incorrect.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Gao feng 2013-09-26 15:00:31 +08:00 committed by Pablo Neira Ayuso
parent de1389b116
commit 7722e0d1c0
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
net/netfilter/xt_TCPMSS.c
View file

@ -43,7 +43,8 @@ optlen(const u_int8_t *opt, unsigned int offset)
return opt[offset+1]; return opt[offset+1];
} }
static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb, static u_int32_t tcpmss_reverse_mtu(struct net *net,
const struct sk_buff *skb,
unsigned int family) unsigned int family)
{ {
struct flowi fl; struct flowi fl;
@ -64,7 +65,7 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
rcu_read_lock(); rcu_read_lock();
ai = nf_get_afinfo(family); ai = nf_get_afinfo(family);
if (ai != NULL) if (ai != NULL)
ai->route(&init_net, (struct dst_entry **)&rt, &fl, false); ai->route(net, (struct dst_entry **)&rt, &fl, false);
rcu_read_unlock(); rcu_read_unlock();
if (rt != NULL) { if (rt != NULL) {
@ -107,7 +108,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
return -1; return -1;
if (info->mss == XT_TCPMSS_CLAMP_PMTU) { if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
unsigned int in_mtu = tcpmss_reverse_mtu(skb, family); struct net *net = dev_net(par->in ? par->in : par->out);
unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);
if (dst_mtu(skb_dst(skb)) <= minlen) { if (dst_mtu(skb_dst(skb)) <= minlen) {
net_err_ratelimited("unknown or invalid path-MTU (%u)\n", net_err_ratelimited("unknown or invalid path-MTU (%u)\n",