On Tue, Jun 04, 2013 at 11:09:27AM -0400, Phil Oester wrote:
> As reported in bug #662, the clamp-mss-to-pmtu option of the xt_TCPMSS target
> can cause issues connecting to websites if there was no MSS option present in
> the original SYN packet from the client. In these cases, it adds an MSS higher
> than the default specified in RFC 879. Fix this by never setting a value > 536
> IFF none was specified by the client.
>
> This closes bug #662.

Applied to the nf tree, thanks Phil.

BTW, this target does not seem to make safe fragmentation handling. We
need a patch similar to:

commit bc6bcb59dd7c184d229f9e86d08aa56059938a4c
Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date:   Tue May 7 03:22:18 2013 +0200

    netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary
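
The clamping rule from the quoted commit message, as an added userspace example that is not part of this thread and is not the kernel's xt_TCPMSS code: a present MSS option is only ever lowered, and an absent one gets at most the RFC 879 default of 536. The names `find_mss` and `clamp_mss` are hypothetical, and the bounds checks in the option walk are this example's own way of staying inside the buffer, not the change made by the referenced commit.

```c
#include <stddef.h>
#include <stdint.h>

#define TCPOPT_EOL   0
#define TCPOPT_NOP   1
#define TCPOPT_MSS   2
#define TCPOLEN_MSS  4
#define DEFAULT_MSS  536   /* RFC 879 default when the SYN carries no MSS option */

/* Walk the option bytes opts[0..len). Returns the offset of the MSS option,
 * -1 if there is none, -2 if an option would extend past the buffer. */
static int find_mss(const uint8_t *opts, size_t len)
{
    size_t i = 0;

    while (i < len && opts[i] != TCPOPT_EOL) {
        if (opts[i] == TCPOPT_NOP) {
            i++;
            continue;
        }
        if (i + 1 >= len)
            return -2;                      /* length byte is missing */
        size_t olen = opts[i + 1];
        if (olen < 2 || i + olen > len)
            return -2;                      /* option runs past the buffer */
        if (opts[i] == TCPOPT_MSS && olen == TCPOLEN_MSS)
            return (int)i;
        i += olen;
    }
    return -1;
}

/* Returns the MSS the SYN should carry, or 0 if the options are malformed and
 * the packet must be left alone. A present option is lowered in place (the
 * TCP checksum update is out of scope here); an absent one yields the value
 * to add, never above 536. Assumes clamp fits in 16 bits. */
unsigned clamp_mss(uint8_t *opts, size_t len, unsigned clamp, int *had_option)
{
    int off = find_mss(opts, len);

    *had_option = off >= 0;
    if (off == -2)
        return 0;
    if (off == -1)
        return clamp < DEFAULT_MSS ? clamp : DEFAULT_MSS;
    unsigned cur = ((unsigned)opts[off + 2] << 8) | opts[off + 3];
    if (cur <= clamp)
        return cur;
    opts[off + 2] = (uint8_t)(clamp >> 8);
    opts[off + 3] = (uint8_t)(clamp & 0xff);
    return clamp;
}
```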