I am not exactly sure why 'minlen' only needed to be 40 bytes (sizeof(iph)+tcphdr); doesn't the IP header have to fit entirely into the MTU?

=== commit db400aa3480d466bc4f2d83f258a861657fc6619 Author: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> Date: Sat Mar 29 16:51:01 2008 +0100 [NETFILTER]: Account for IPv4 options in xt_TCPMSS Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> --- net/netfilter/xt_TCPMSS.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index 217e2b6..1662d89 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c @@ -179,8 +179,8 @@ tcpmss_tg4(struct sk_buff *skb, const struct net_device *in, int ret; ret = tcpmss_mangle_packet(skb, targinfo, tcpmss_reverse_mtu4(iph), - iph->ihl * 4, - sizeof(*iph) + sizeof(struct tcphdr)); + ip_hdrlen(skb), + ip_hdrlen(skb) + sizeof(struct tcphdr)); if (ret < 0) return NF_DROP; if (ret > 0) {
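
Review bot: In the tcpmss_mangle_packet() call in tcpmss_tg4(), ip_hdrlen(skb) is now evaluated twice in adjacent arguments while tcpmss_reverse_mtu4() still takes the local iph, so the header is read through two different paths in one call. Read the length once into a local, for example `unsigned int hdrlen = ip_hdrlen(skb);`, and pass hdrlen and hdrlen + sizeof(struct tcphdr), so both arguments are visibly derived from the same value. The changelog is also only a subject line: the last argument changes from the fixed sizeof(*iph) + sizeof(struct tcphdr) to a value that grows with IPv4 options, and nothing in the message or the visible context says how tcpmss_mangle_packet() uses that argument or what went wrong for packets carrying options. A sentence in the commit message covering that would answer the question asked above the patch and let a reader judge the change without opening the callee.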