Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * This is a module which is used for setting the MSS option in TCP packets.
4 *
5 * Copyright (C) 2000 Marc Boucher <marc@mbsi.ca>
6 * Copyright (C) 2007 Patrick McHardy <kaber@trash.net>
7 */
8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9#include <linux/module.h>
10#include <linux/skbuff.h>
11#include <linux/ip.h>
12#include <linux/gfp.h>
13#include <linux/ipv6.h>
14#include <linux/tcp.h>
15#include <net/dst.h>
16#include <net/flow.h>
17#include <net/ipv6.h>
18#include <net/route.h>
19#include <net/tcp.h>
20
21#include <linux/netfilter_ipv4/ip_tables.h>
22#include <linux/netfilter_ipv6/ip6_tables.h>
23#include <linux/netfilter/x_tables.h>
24#include <linux/netfilter/xt_tcpudp.h>
25#include <linux/netfilter/xt_TCPMSS.h>
26
27MODULE_LICENSE("GPL");
28MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
29MODULE_DESCRIPTION("Xtables: TCP Maximum Segment Size (MSS) adjustment");
30MODULE_ALIAS("ipt_TCPMSS");
31MODULE_ALIAS("ip6t_TCPMSS");
32
33static inline unsigned int
34optlen(const u_int8_t *opt, unsigned int offset)
35{
36 /* Beware zero-length options: make finite progress */
37 if (opt[offset] <= TCPOPT_NOP || opt[offset+1] == 0)
38 return 1;
39 else
40 return opt[offset+1];
41}
42
43static u_int32_t tcpmss_reverse_mtu(struct net *net,
44 const struct sk_buff *skb,
45 unsigned int family)
46{
47 struct flowi fl;
48 struct rtable *rt = NULL;
49 u_int32_t mtu = ~0U;
50
51 if (family == PF_INET) {
52 struct flowi4 *fl4 = &fl.u.ip4;
53 memset(fl4, 0, sizeof(*fl4));
54 fl4->daddr = ip_hdr(skb)->saddr;
55 } else {
56 struct flowi6 *fl6 = &fl.u.ip6;
57
58 memset(fl6, 0, sizeof(*fl6));
59 fl6->daddr = ipv6_hdr(skb)->saddr;
60 }
61
62 nf_route(net, (struct dst_entry **)&rt, &fl, false, family);
63 if (rt != NULL) {
64 mtu = dst_mtu(&rt->dst);
65 dst_release(&rt->dst);
66 }
67 return mtu;
68}
69
70static int
71tcpmss_mangle_packet(struct sk_buff *skb,
72 const struct xt_action_param *par,
73 unsigned int family,
74 unsigned int tcphoff,
75 unsigned int minlen)
76{
77 const struct xt_tcpmss_info *info = par->targinfo;
78 struct tcphdr *tcph;
79 int len, tcp_hdrlen;
80 unsigned int i;
81 __be16 oldval;
82 u16 newmss;
83 u8 *opt;
84
85 /* This is a fragment, no TCP header is available */
86 if (par->fragoff != 0)
87 return 0;
88
89 if (skb_ensure_writable(skb, skb->len))
90 return -1;
91
92 len = skb->len - tcphoff;
93 if (len < (int)sizeof(struct tcphdr))
94 return -1;
95
96 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
97 tcp_hdrlen = tcph->doff * 4;
98
99 if (len < tcp_hdrlen || tcp_hdrlen < sizeof(struct tcphdr))
100 return -1;
101
102 if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
103 struct net *net = xt_net(par);
104 unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);
105 unsigned int min_mtu = min(dst_mtu(skb_dst(skb)), in_mtu);
106
107 if (min_mtu <= minlen) {
108 net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
109 min_mtu);
110 return -1;
111 }
112 newmss = min_mtu - minlen;
113 } else
114 newmss = info->mss;
115
116 opt = (u_int8_t *)tcph;
117 for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) {
118 if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) {
119 u_int16_t oldmss;
120
121 oldmss = (opt[i+2] << 8) | opt[i+3];
122
123 /* Never increase MSS, even when setting it, as
124 * doing so results in problems for hosts that rely
125 * on MSS being set correctly.
126 */
127 if (oldmss <= newmss)
128 return 0;
129
130 opt[i+2] = (newmss & 0xff00) >> 8;
131 opt[i+3] = newmss & 0x00ff;
132
133 inet_proto_csum_replace2(&tcph->check, skb,
134 htons(oldmss), htons(newmss),
135 false);
136 return 0;
137 }
138 }
139
140 /* There is data after the header so the option can't be added
141 * without moving it, and doing so may make the SYN packet
142 * itself too large. Accept the packet unmodified instead.
143 */
144 if (len > tcp_hdrlen)
145 return 0;
146
147 /* tcph->doff has 4 bits, do not wrap it to 0 */
148 if (tcp_hdrlen >= 15 * 4)
149 return 0;
150
151 /*
152 * MSS Option not found ?! add it..
153 */
154 if (skb_tailroom(skb) < TCPOLEN_MSS) {
155 if (pskb_expand_head(skb, 0,
156 TCPOLEN_MSS - skb_tailroom(skb),
157 GFP_ATOMIC))
158 return -1;
159 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
160 }
161
162 skb_put(skb, TCPOLEN_MSS);
163
164 /*
165 * IPv4: RFC 1122 states "If an MSS option is not received at
166 * connection setup, TCP MUST assume a default send MSS of 536".
167 * IPv6: RFC 2460 states IPv6 has a minimum MTU of 1280 and a minimum
168 * length IPv6 header of 60, ergo the default MSS value is 1220
169 * Since no MSS was provided, we must use the default values
170 */
171 if (xt_family(par) == NFPROTO_IPV4)
172 newmss = min(newmss, (u16)536);
173 else
174 newmss = min(newmss, (u16)1220);
175
176 opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
177 memmove(opt + TCPOLEN_MSS, opt, len - sizeof(struct tcphdr));
178
179 inet_proto_csum_replace2(&tcph->check, skb,
180 htons(len), htons(len + TCPOLEN_MSS), true);
181 opt[0] = TCPOPT_MSS;
182 opt[1] = TCPOLEN_MSS;
183 opt[2] = (newmss & 0xff00) >> 8;
184 opt[3] = newmss & 0x00ff;
185
186 inet_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), false);
187
188 oldval = ((__be16 *)tcph)[6];
189 tcph->doff += TCPOLEN_MSS/4;
190 inet_proto_csum_replace2(&tcph->check, skb,
191 oldval, ((__be16 *)tcph)[6], false);
192 return TCPOLEN_MSS;
193}
194
195static unsigned int
196tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par)
197{
198 struct iphdr *iph = ip_hdr(skb);
199 __be16 newlen;
200 int ret;
201
202 ret = tcpmss_mangle_packet(skb, par,
203 PF_INET,
204 iph->ihl * 4,
205 sizeof(*iph) + sizeof(struct tcphdr));
206 if (ret < 0)
207 return NF_DROP;
208 if (ret > 0) {
209 iph = ip_hdr(skb);
210 newlen = htons(ntohs(iph->tot_len) + ret);
211 csum_replace2(&iph->check, iph->tot_len, newlen);
212 iph->tot_len = newlen;
213 }
214 return XT_CONTINUE;
215}
216
217#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
218static unsigned int
219tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
220{
221 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
222 u8 nexthdr;
223 __be16 frag_off, oldlen, newlen;
224 int tcphoff;
225 int ret;
226
227 nexthdr = ipv6h->nexthdr;
228 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr, &frag_off);
229 if (tcphoff < 0)
230 return NF_DROP;
231 ret = tcpmss_mangle_packet(skb, par,
232 PF_INET6,
233 tcphoff,
234 sizeof(*ipv6h) + sizeof(struct tcphdr));
235 if (ret < 0)
236 return NF_DROP;
237 if (ret > 0) {
238 ipv6h = ipv6_hdr(skb);
239 oldlen = ipv6h->payload_len;
240 newlen = htons(ntohs(oldlen) + ret);
241 if (skb->ip_summed == CHECKSUM_COMPLETE)
242 skb->csum = csum_add(csum_sub(skb->csum, oldlen),
243 newlen);
244 ipv6h->payload_len = newlen;
245 }
246 return XT_CONTINUE;
247}
248#endif
249
250/* Must specify -p tcp --syn */
251static inline bool find_syn_match(const struct xt_entry_match *m)
252{
253 const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data;
254
255 if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
256 tcpinfo->flg_cmp & TCPHDR_SYN &&
257 !(tcpinfo->invflags & XT_TCP_INV_FLAGS))
258 return true;
259
260 return false;
261}
262
263static int tcpmss_tg4_check(const struct xt_tgchk_param *par)
264{
265 const struct xt_tcpmss_info *info = par->targinfo;
266 const struct ipt_entry *e = par->entryinfo;
267 const struct xt_entry_match *ematch;
268
269 if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
270 (par->hook_mask & ~((1 << NF_INET_FORWARD) |
271 (1 << NF_INET_LOCAL_OUT) |
272 (1 << NF_INET_POST_ROUTING))) != 0) {
273 pr_info_ratelimited("path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks\n");
274 return -EINVAL;
275 }
276 if (par->nft_compat)
277 return 0;
278
279 xt_ematch_foreach(ematch, e)
280 if (find_syn_match(ematch))
281 return 0;
282 pr_info_ratelimited("Only works on TCP SYN packets\n");
283 return -EINVAL;
284}
285
286#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
287static int tcpmss_tg6_check(const struct xt_tgchk_param *par)
288{
289 const struct xt_tcpmss_info *info = par->targinfo;
290 const struct ip6t_entry *e = par->entryinfo;
291 const struct xt_entry_match *ematch;
292
293 if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
294 (par->hook_mask & ~((1 << NF_INET_FORWARD) |
295 (1 << NF_INET_LOCAL_OUT) |
296 (1 << NF_INET_POST_ROUTING))) != 0) {
297 pr_info_ratelimited("path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks\n");
298 return -EINVAL;
299 }
300 if (par->nft_compat)
301 return 0;
302
303 xt_ematch_foreach(ematch, e)
304 if (find_syn_match(ematch))
305 return 0;
306 pr_info_ratelimited("Only works on TCP SYN packets\n");
307 return -EINVAL;
308}
309#endif
310
311static struct xt_target tcpmss_tg_reg[] __read_mostly = {
312 {
313 .family = NFPROTO_IPV4,
314 .name = "TCPMSS",
315 .checkentry = tcpmss_tg4_check,
316 .target = tcpmss_tg4,
317 .targetsize = sizeof(struct xt_tcpmss_info),
318 .proto = IPPROTO_TCP,
319 .me = THIS_MODULE,
320 },
321#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
322 {
323 .family = NFPROTO_IPV6,
324 .name = "TCPMSS",
325 .checkentry = tcpmss_tg6_check,
326 .target = tcpmss_tg6,
327 .targetsize = sizeof(struct xt_tcpmss_info),
328 .proto = IPPROTO_TCP,
329 .me = THIS_MODULE,
330 },
331#endif
332};
333
334static int __init tcpmss_tg_init(void)
335{
336 return xt_register_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg));
337}
338
339static void __exit tcpmss_tg_exit(void)
340{
341 xt_unregister_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg));
342}
343
344module_init(tcpmss_tg_init);
345module_exit(tcpmss_tg_exit);
1/*
2 * This is a module which is used for setting the MSS option in TCP packets.
3 *
4 * Copyright (C) 2000 Marc Boucher <marc@mbsi.ca>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
11#include <linux/module.h>
12#include <linux/skbuff.h>
13#include <linux/ip.h>
14#include <linux/gfp.h>
15#include <linux/ipv6.h>
16#include <linux/tcp.h>
17#include <net/dst.h>
18#include <net/flow.h>
19#include <net/ipv6.h>
20#include <net/route.h>
21#include <net/tcp.h>
22
23#include <linux/netfilter_ipv4/ip_tables.h>
24#include <linux/netfilter_ipv6/ip6_tables.h>
25#include <linux/netfilter/x_tables.h>
26#include <linux/netfilter/xt_tcpudp.h>
27#include <linux/netfilter/xt_TCPMSS.h>
28
29MODULE_LICENSE("GPL");
30MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
31MODULE_DESCRIPTION("Xtables: TCP Maximum Segment Size (MSS) adjustment");
32MODULE_ALIAS("ipt_TCPMSS");
33MODULE_ALIAS("ip6t_TCPMSS");
34
35static inline unsigned int
36optlen(const u_int8_t *opt, unsigned int offset)
37{
38 /* Beware zero-length options: make finite progress */
39 if (opt[offset] <= TCPOPT_NOP || opt[offset+1] == 0)
40 return 1;
41 else
42 return opt[offset+1];
43}
44
45static int
46tcpmss_mangle_packet(struct sk_buff *skb,
47 const struct xt_tcpmss_info *info,
48 unsigned int in_mtu,
49 unsigned int tcphoff,
50 unsigned int minlen)
51{
52 struct tcphdr *tcph;
53 unsigned int tcplen, i;
54 __be16 oldval;
55 u16 newmss;
56 u8 *opt;
57
58 if (!skb_make_writable(skb, skb->len))
59 return -1;
60
61 tcplen = skb->len - tcphoff;
62 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
63
64 /* Header cannot be larger than the packet */
65 if (tcplen < tcph->doff*4)
66 return -1;
67
68 if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
69 if (dst_mtu(skb_dst(skb)) <= minlen) {
70 net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
71 dst_mtu(skb_dst(skb)));
72 return -1;
73 }
74 if (in_mtu <= minlen) {
75 net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
76 in_mtu);
77 return -1;
78 }
79 newmss = min(dst_mtu(skb_dst(skb)), in_mtu) - minlen;
80 } else
81 newmss = info->mss;
82
83 opt = (u_int8_t *)tcph;
84 for (i = sizeof(struct tcphdr); i < tcph->doff*4; i += optlen(opt, i)) {
85 if (opt[i] == TCPOPT_MSS && tcph->doff*4 - i >= TCPOLEN_MSS &&
86 opt[i+1] == TCPOLEN_MSS) {
87 u_int16_t oldmss;
88
89 oldmss = (opt[i+2] << 8) | opt[i+3];
90
91 /* Never increase MSS, even when setting it, as
92 * doing so results in problems for hosts that rely
93 * on MSS being set correctly.
94 */
95 if (oldmss <= newmss)
96 return 0;
97
98 opt[i+2] = (newmss & 0xff00) >> 8;
99 opt[i+3] = newmss & 0x00ff;
100
101 inet_proto_csum_replace2(&tcph->check, skb,
102 htons(oldmss), htons(newmss),
103 0);
104 return 0;
105 }
106 }
107
108 /* There is data after the header so the option can't be added
109 without moving it, and doing so may make the SYN packet
110 itself too large. Accept the packet unmodified instead. */
111 if (tcplen > tcph->doff*4)
112 return 0;
113
114 /*
115 * MSS Option not found ?! add it..
116 */
117 if (skb_tailroom(skb) < TCPOLEN_MSS) {
118 if (pskb_expand_head(skb, 0,
119 TCPOLEN_MSS - skb_tailroom(skb),
120 GFP_ATOMIC))
121 return -1;
122 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
123 }
124
125 skb_put(skb, TCPOLEN_MSS);
126
127 opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
128 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
129
130 inet_proto_csum_replace2(&tcph->check, skb,
131 htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1);
132 opt[0] = TCPOPT_MSS;
133 opt[1] = TCPOLEN_MSS;
134 opt[2] = (newmss & 0xff00) >> 8;
135 opt[3] = newmss & 0x00ff;
136
137 inet_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), 0);
138
139 oldval = ((__be16 *)tcph)[6];
140 tcph->doff += TCPOLEN_MSS/4;
141 inet_proto_csum_replace2(&tcph->check, skb,
142 oldval, ((__be16 *)tcph)[6], 0);
143 return TCPOLEN_MSS;
144}
145
146static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
147 unsigned int family)
148{
149 struct flowi fl;
150 const struct nf_afinfo *ai;
151 struct rtable *rt = NULL;
152 u_int32_t mtu = ~0U;
153
154 if (family == PF_INET) {
155 struct flowi4 *fl4 = &fl.u.ip4;
156 memset(fl4, 0, sizeof(*fl4));
157 fl4->daddr = ip_hdr(skb)->saddr;
158 } else {
159 struct flowi6 *fl6 = &fl.u.ip6;
160
161 memset(fl6, 0, sizeof(*fl6));
162 fl6->daddr = ipv6_hdr(skb)->saddr;
163 }
164 rcu_read_lock();
165 ai = nf_get_afinfo(family);
166 if (ai != NULL)
167 ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
168 rcu_read_unlock();
169
170 if (rt != NULL) {
171 mtu = dst_mtu(&rt->dst);
172 dst_release(&rt->dst);
173 }
174 return mtu;
175}
176
177static unsigned int
178tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par)
179{
180 struct iphdr *iph = ip_hdr(skb);
181 __be16 newlen;
182 int ret;
183
184 ret = tcpmss_mangle_packet(skb, par->targinfo,
185 tcpmss_reverse_mtu(skb, PF_INET),
186 iph->ihl * 4,
187 sizeof(*iph) + sizeof(struct tcphdr));
188 if (ret < 0)
189 return NF_DROP;
190 if (ret > 0) {
191 iph = ip_hdr(skb);
192 newlen = htons(ntohs(iph->tot_len) + ret);
193 csum_replace2(&iph->check, iph->tot_len, newlen);
194 iph->tot_len = newlen;
195 }
196 return XT_CONTINUE;
197}
198
199#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
200static unsigned int
201tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
202{
203 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
204 u8 nexthdr;
205 __be16 frag_off;
206 int tcphoff;
207 int ret;
208
209 nexthdr = ipv6h->nexthdr;
210 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr, &frag_off);
211 if (tcphoff < 0)
212 return NF_DROP;
213 ret = tcpmss_mangle_packet(skb, par->targinfo,
214 tcpmss_reverse_mtu(skb, PF_INET6),
215 tcphoff,
216 sizeof(*ipv6h) + sizeof(struct tcphdr));
217 if (ret < 0)
218 return NF_DROP;
219 if (ret > 0) {
220 ipv6h = ipv6_hdr(skb);
221 ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret);
222 }
223 return XT_CONTINUE;
224}
225#endif
226
227/* Must specify -p tcp --syn */
228static inline bool find_syn_match(const struct xt_entry_match *m)
229{
230 const struct xt_tcp *tcpinfo = (const struct xt_tcp *)m->data;
231
232 if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
233 tcpinfo->flg_cmp & TCPHDR_SYN &&
234 !(tcpinfo->invflags & XT_TCP_INV_FLAGS))
235 return true;
236
237 return false;
238}
239
240static int tcpmss_tg4_check(const struct xt_tgchk_param *par)
241{
242 const struct xt_tcpmss_info *info = par->targinfo;
243 const struct ipt_entry *e = par->entryinfo;
244 const struct xt_entry_match *ematch;
245
246 if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
247 (par->hook_mask & ~((1 << NF_INET_FORWARD) |
248 (1 << NF_INET_LOCAL_OUT) |
249 (1 << NF_INET_POST_ROUTING))) != 0) {
250 pr_info("path-MTU clamping only supported in "
251 "FORWARD, OUTPUT and POSTROUTING hooks\n");
252 return -EINVAL;
253 }
254 xt_ematch_foreach(ematch, e)
255 if (find_syn_match(ematch))
256 return 0;
257 pr_info("Only works on TCP SYN packets\n");
258 return -EINVAL;
259}
260
261#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
262static int tcpmss_tg6_check(const struct xt_tgchk_param *par)
263{
264 const struct xt_tcpmss_info *info = par->targinfo;
265 const struct ip6t_entry *e = par->entryinfo;
266 const struct xt_entry_match *ematch;
267
268 if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
269 (par->hook_mask & ~((1 << NF_INET_FORWARD) |
270 (1 << NF_INET_LOCAL_OUT) |
271 (1 << NF_INET_POST_ROUTING))) != 0) {
272 pr_info("path-MTU clamping only supported in "
273 "FORWARD, OUTPUT and POSTROUTING hooks\n");
274 return -EINVAL;
275 }
276 xt_ematch_foreach(ematch, e)
277 if (find_syn_match(ematch))
278 return 0;
279 pr_info("Only works on TCP SYN packets\n");
280 return -EINVAL;
281}
282#endif
283
284static struct xt_target tcpmss_tg_reg[] __read_mostly = {
285 {
286 .family = NFPROTO_IPV4,
287 .name = "TCPMSS",
288 .checkentry = tcpmss_tg4_check,
289 .target = tcpmss_tg4,
290 .targetsize = sizeof(struct xt_tcpmss_info),
291 .proto = IPPROTO_TCP,
292 .me = THIS_MODULE,
293 },
294#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
295 {
296 .family = NFPROTO_IPV6,
297 .name = "TCPMSS",
298 .checkentry = tcpmss_tg6_check,
299 .target = tcpmss_tg6,
300 .targetsize = sizeof(struct xt_tcpmss_info),
301 .proto = IPPROTO_TCP,
302 .me = THIS_MODULE,
303 },
304#endif
305};
306
307static int __init tcpmss_tg_init(void)
308{
309 return xt_register_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg));
310}
311
312static void __exit tcpmss_tg_exit(void)
313{
314 xt_unregister_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg));
315}
316
317module_init(tcpmss_tg_init);
318module_exit(tcpmss_tg_exit);