From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: Ibrahim Ercan <ibrahim.ercan@labristeknoloji.com>,
netfilter-devel@vger.kernel.org, ibrahim.metu@gmail.com
Subject: Re: [PATCH v2] netfilter: synproxy: erroneous TCP mss option fixed.
Date: Thu, 27 Jun 2019 21:27:05 +0200 [thread overview]
Message-ID: <20190627192705.eyy4aond5yl5jjrr@salvia> (raw)
In-Reply-To: <20190627192109.zpkn2vff3ykin6ya@breakpoint.cc>
On Thu, Jun 27, 2019 at 09:21:09PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > On Thu, Jun 27, 2019 at 09:00:19PM +0200, Florian Westphal wrote:
> > > Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > > > > opts.options &= info->options;
> > > > > + client_mssinfo = opts.mss;
> > > > > + opts.mss = info->mss;
> > > >
> > > > No need for this new client_mssinfo variable, right? I mean, you can
> > > > just set:
> > > >
> > > > opts.mss = info->mss;
> > > >
> > > > and use it from synproxy_send_client_synack().
> > >
> > > I thought that as well but we need both mss values,
> > > the one configured in the target (info->mss) and the
> > > ine received from the peer.
> > >
> > > The former is what we announce to peer in the syn/ack
> > > (as tcp option), the latter is what we need to encode
> > > in the syncookie (to decode it on cookie ack).
> >
> > I see, probably place client_mss field into the synproxy_options
> > structure?
>
> I worked on a fix for this too (Ibrahim was faster), I
> tried to rename opts.mss so we have
>
> u16 mss_peer;
> u16 mss_configured;
>
> but I got confused myself as to where which mss is to be used.
>
> perhaps
> u16 mss_option;
> u16 mss_encode;
>
> ... would have been better.
I would leave the opts.mss as is by now. Given there will be a
conflict between nf-next and nf, I was trying to minimize the number
of chunks for this fix, but that's just my preference (I'll have to
sort out this it seems).
Then, adding follow up patches to rename fields would be great indeed
as you suggest.
next prev parent reply other threads:[~2019-06-27 19:27 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-24 12:28 [PATCH] netfilter: synproxy: erroneous TCP mss option fixed İbrahim Ercan
2019-06-24 12:29 ` Florian Westphal
2019-06-25 0:19 ` Pablo Neira Ayuso
2019-06-25 5:42 ` [PATCH v2] " Ibrahim Ercan
2019-06-27 18:57 ` Pablo Neira Ayuso
2019-06-27 19:00 ` Florian Westphal
2019-06-27 19:08 ` Pablo Neira Ayuso
2019-06-27 19:21 ` Florian Westphal
2019-06-27 19:27 ` Pablo Neira Ayuso [this message]
2019-07-01 18:58 ` Pablo Neira Ayuso
2019-07-22 8:31 ` İbrahim Ercan
2019-07-22 8:45 ` Pablo Neira Ayuso
2019-07-22 12:06 ` [PATCH v3] " Ibrahim Ercan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190627192705.eyy4aond5yl5jjrr@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=ibrahim.ercan@labristeknoloji.com \
--cc=ibrahim.metu@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.