Jan Engelhardt wrote: > On Tuesday 2009-03-24 22:12, Steven Jan Springl wrote: > >> Is there a problem with mss in this release? >> If I specify rule: >> -A OUTPUT -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1000:1500 -j ACCEPT >> I get error: >> Invalid mss '1000' specified. >> >> It appears that mss values less than 65536 are rejected, while values of 65536 >> or greater are accepted. Is this not the wrong way around? > > Indeed. There is an uncommon coding pattern (compared to the rest of > the iptables sources) in the function at hand. Patch below. > > usually: > if (!strtoui(...)) > you_fail; > return ok; > libxt_tcpmss: > if (strtoui(...)) > return ok; > you_fail; > > Pullable from the usual location at git://dev.medozas.de/iptables > > Updating 6e70f46..ed7925b > Fast forward > extensions/libxt_tcpmss.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > parent 6e70f46f2a146bb7c657f71724c999147a5925dc (v1.4.3.1) > commit ed7925b77010dd17531ea0424b49d2b72af4add9 > Author: Jan Engelhardt <jengelh@xxxxxxxxxx> > Date: Tue Mar 24 22:26:25 2009 +0100 > > libxt_tcpmss: fix an inversion while parsing --mss > > Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> Applied. Thanks. I guess that will have to release another 1.4.3.2 soon. We needed more -rc before the final release I guess. I'm going to wait a bit more to catch up more problems and then proceed. -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
