Luca Pesce wrote:
> Hi all,
> I have a question and a possible patch/mod for target TCPMSS (xt_TCPMSS.c).
> At the very beginning of function tcpmss_mangle_packet(), the skb containing the
> TCP SYN packet is checked to see if it is containing data (on a side note, SYN
> with data is quite unusual...); if so, the packet is drastically dropped.
> The reason is explained in RR's comment to the code, I am copy/pasting the
> beginning of this function with the length check at the bottom of this mail.
> RR says that we cannot change MSS on a packet which is already carrying data
> (it would be too late): could we relax this check, seeing if the tcp payload is
> less than the MSS we are about to set?

We probably could change that. I'm wondering though, did you actually
see this in real life? It doesn't seem like a very useful feature,
considering all the stacks supporting syn cookies.
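
The check discussed in this thread, modelled in user-space C as an added example; it is not code from xt_TCPMSS.c or from either poster. The names `tcp_payload_len`, `syn_mss_verdict` and `build_syn` are hypothetical, and the sample segments are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names; this models the decision only, not the kernel code. */
enum verdict { V_DROP, V_MANGLE };

/* Payload bytes after the TCP header, or -1 if the header is malformed. */
static long tcp_payload_len(const uint8_t *tcp, size_t tcplen)
{
    if (tcplen < 20)
        return -1;
    size_t hdrlen = (size_t)(tcp[12] >> 4) * 4;   /* data offset, in bytes */
    if (hdrlen < 20 || hdrlen > tcplen)
        return -1;
    return (long)(tcplen - hdrlen);
}

/*
 * strict (relaxed == 0): any data on the SYN means drop, as the mail describes.
 * relaxed: data is tolerated when it is less than the MSS about to be set.
 */
static enum verdict syn_mss_verdict(const uint8_t *tcp, size_t tcplen,
                                    uint16_t new_mss, int relaxed)
{
    long payload = tcp_payload_len(tcp, tcplen);
    if (payload < 0)
        return V_DROP;            /* malformed header: never mangle */
    if (payload == 0)
        return V_MANGLE;          /* ordinary SYN without data */
    if (relaxed && payload < (long)new_mss)
        return V_MANGLE;          /* proposed relaxation */
    return V_DROP;
}

/* Constructed sample: 20-byte SYN header followed by `data` zero bytes. */
static size_t build_syn(uint8_t *buf, size_t cap, size_t data)
{
    size_t len = 20 + data;
    if (len > cap)
        return 0;
    memset(buf, 0, len);
    buf[12] = 5 << 4;   /* data offset = 5 words, no options */
    buf[13] = 0x02;     /* SYN flag */
    return len;
}
```
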