diff options
author | Petar Penkov <ppenkov@google.com> | 2019-08-27 16:46:22 -0700 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2019-08-31 00:58:06 +0200 |
commit | 0741be358d5adc266244f909e4434fe17fe1a109 (patch) | |
tree | 74e69cb50b03bafee5c53ec616a60938b7a0cfd3 | |
parent | 736a55309de3f3f620c3af50b5b9a922b8421700 (diff) |
bpf: fix error check in bpf_tcp_gen_syncookie
If a SYN cookie is not issued by tcp_v#_gen_syncookie, then the return
value will be exactly 0, rather than <= 0. Let's change the check to
reflect that, especially since mss is an unsigned value and cannot be
negative.
Fixes: 70d66244317e ("bpf: add bpf_tcp_gen_syncookie helper")
Reported-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Petar Penkov <ppenkov@google.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-rw-r--r-- | net/core/filter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 0c1059cdad3d..17bc9af8f156 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5903,7 +5903,7 @@ BPF_CALL_5(bpf_tcp_gen_syncookie, struct sock *, sk, void *, iph, u32, iph_len, default: return -EPROTONOSUPPORT; } - if (mss <= 0) + if (mss == 0) return -ENOENT; return cookie | ((u64)mss << 32); |