Zhongqiu Duan <dzq.aishenghu0@xxxxxxxxx> wrote: > The mss and wscale fields is optional for synproxy statement, this patch > to make the same behavior for synproxy object, and also makes the > timestamp and sack-perm flags no longer order-sensitive. Whats the use case for omitting the mss field? It seems this should be made mandatory, no? Also I think we should reject wscale > 14 from the parsers (can be done in extra patch). And also reject it in kernel by updating the nla_policy in net/netfiler/nft_synproxy.c in the kernel.
