summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--extensions/libxt_tcpmss.c6
-rw-r--r--extensions/libxt_tcpmss.man2
2 files changed, 6 insertions, 2 deletions
diff --git a/extensions/libxt_tcpmss.c b/extensions/libxt_tcpmss.c
index c7c59717..bcd357aa 100644
--- a/extensions/libxt_tcpmss.c
+++ b/extensions/libxt_tcpmss.c
@@ -27,8 +27,12 @@ static void tcpmss_parse(struct xt_option_call *cb)
xtables_option_parse(cb);
mssinfo->mss_min = cb->val.u16_range[0];
mssinfo->mss_max = mssinfo->mss_min;
- if (cb->nvals == 2)
+ if (cb->nvals == 2) {
mssinfo->mss_max = cb->val.u16_range[1];
+ if (mssinfo->mss_max < mssinfo->mss_min)
+ xtables_error(PARAMETER_PROBLEM,
+ "tcpmss: invalid range given");
+ }
if (cb->invert)
mssinfo->invert = 1;
}
diff --git a/extensions/libxt_tcpmss.man b/extensions/libxt_tcpmss.man
index 8ee715cd..8253c363 100644
--- a/extensions/libxt_tcpmss.man
+++ b/extensions/libxt_tcpmss.man
@@ -1,4 +1,4 @@
This matches the TCP MSS (maximum segment size) field of the TCP header. You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only negotiated during the TCP handshake at connection startup time.
.TP
[\fB!\fP] \fB\-\-mss\fP \fIvalue\fP[\fB:\fP\fIvalue\fP]
-Match a given TCP MSS value or range.
+Match a given TCP MSS value or range. If a range is given, the second \fIvalue\fP must be greater than or equal to the first \fIvalue\fP.