path: root/extensions/
diff options
authorPhil Sutter <>2017-10-09 15:47:39 +0200
committerPablo Neira Ayuso <>2017-10-17 14:12:47 +0200
commitdbbab0aa328f136502373a1031e64eb53fa113e5 (patch)
tree557f0aaee2a2d7059f208b29d8b90860f78f08a2 /extensions/
parent0e9582814a201a29be42d096fe36723fa16078da (diff)
extensions: libxt_tcpmss: Detect invalid ranges
Previously, an MSS range of e.g. 65535:1000 was silently accepted but would then never match a packet since the kernel checks whether the MSS value is greater than or equal to the first *and* less than or equal to the second value. Detect this as a parameter problem and update the man page accordingly. Signed-off-by: Phil Sutter <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'extensions/')
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/ b/extensions/
index 8ee715cd..8253c363 100644
--- a/extensions/
+++ b/extensions/
@@ -1,4 +1,4 @@
This matches the TCP MSS (maximum segment size) field of the TCP header. You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only negotiated during the TCP handshake at connection startup time.
[\fB!\fP] \fB\-\-mss\fP \fIvalue\fP[\fB:\fP\fIvalue\fP]
-Match a given TCP MSS value or range.
+Match a given TCP MSS value or range. If a range is given, the second \fIvalue\fP must be greater than or equal to the first \fIvalue\fP.