forked from Minki/linux
netfilter: xt_TCPMSS: Fix missing fragmentation handling
Similar to commit bc6bcb59
("netfilter: xt_TCPOPTSTRIP: fix
possible mangling beyond packet boundary"), add safe fragment
handling to xt_TCPMSS.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
70d19f805f
commit
b396966c46
@ -57,6 +57,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
|
||||
u16 newmss;
|
||||
u8 *opt;
|
||||
|
||||
/* This is a fragment, no TCP header is available */
|
||||
if (par->fragoff != 0)
|
||||
return XT_CONTINUE;
|
||||
|
||||
if (!skb_make_writable(skb, skb->len))
|
||||
return -1;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user