From 071fa72b1db1ad897c19846720c3df40e9c4d574 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Sun, 27 Aug 2017 22:24:19 +0200
Subject: evaluate: convert expr_rt byteorder when evaluating statment arg

expr_rt might write data in host byte order, so make sure to
convert if needed.

This makes 'tcp option maxseg size rt mtu' actually work, right now such rules
are no-ops because nft_exthdr never increases the mss.

While at it, extend the example to not bother testing non-syn packets.

Reported-by: Matteo Croce <technoboy85@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/nft.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'doc')

diff --git a/doc/nft.xml b/doc/nft.xml
index 4e2730f6..cf933489 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -4274,9 +4274,9 @@ ip forward ip dscp set 42
 				<example>
 					<title>change tcp mss</title>
 					<programlisting>
-tcp option maxseg size set 1360
+tcp flags syn tcp option maxseg size set 1360
 # set a size based on route information:
-tcp option maxseg size set rt mtu
+tcp flags syn tcp option maxseg size set rt mtu
 					</programlisting>
 				</example>
 			</para>
-- 
cgit v1.2.3