diff --git a/xdp-synproxy/xdp_synproxy.bpf.c b/xdp-synproxy/xdp_synproxy.bpf.c index 56234373..c4c87493 100644 --- a/xdp-synproxy/xdp_synproxy.bpf.c +++ b/xdp-synproxy/xdp_synproxy.bpf.c @@ -56,7 +56,7 @@ #define DEFAULT_MSS4 1460 #define DEFAULT_MSS6 1440 -#define DEFAULT_WSCALE 7 +#define DEFAULT_WSCALE 0 #define DEFAULT_TTL 64 #define MAX_ALLOWED_PORTS 8 @@ -488,6 +488,9 @@ static __always_inline __u8 tcp_mkoptions(__be32 *buf, __be32 *tsopt, __u16 mss, if (!tsopt) return buf - start; + if ( wscale == 0 ) + return buf - start; + if (tsopt[0] & bpf_htonl(1 << 4)) *buf++ = bpf_htonl((TCPOPT_SACK_PERM << 24) | (TCPOLEN_SACK_PERM << 16) | diff --git a/xdp-synproxy/xdp_synproxy.c b/xdp-synproxy/xdp_synproxy.c index 5f7802c4..a234e631 100644 --- a/xdp-synproxy/xdp_synproxy.c +++ b/xdp-synproxy/xdp_synproxy.c @@ -84,8 +84,8 @@ static void parse_options(int argc, char *argv[], unsigned int *ifindex, __u32 * { "ports", required_argument, NULL, 'p' }, { NULL, 0, NULL, 0 }, }; - unsigned long mss4, wscale, ttl; - unsigned long long mss6; + + unsigned long mss4 = 0, mss6 = 0, wscale = 0, ttl = 0; unsigned int tcpipopts_mask = 0; if (argc < 2) @@ -143,12 +143,18 @@ static void parse_options(int argc, char *argv[], unsigned int *ifindex, __u32 * if (optind < argc) help(argv[0]); - if (tcpipopts_mask == 0xf) { - if (mss4 == 0 || mss6 == 0 || wscale == 0 || ttl == 0) - help(argv[0]); - *tcpipopts = (mss6 << 32) | (ttl << 24) | (wscale << 16) | mss4; - } else if (tcpipopts_mask != 0) { - help(argv[0]); + // Construct tcpipopts based on provided options + if (tcpipopts_mask & (1 << 0)) { // mss4 provided + *tcpipopts |= mss4; + } + if (tcpipopts_mask & (1 << 1)) { // mss6 provided + *tcpipopts |= ((unsigned long long)mss6 << 32); + } + if (tcpipopts_mask & (1 << 2)) { // wscale provided + *tcpipopts |= ((unsigned long long)wscale << 16); + } + if (tcpipopts_mask & (1 << 3)) { // ttl provided + *tcpipopts |= ((unsigned long long)ttl << 24); } if (*ifindex != 0 && *prog_id != 0)