[NETFILTER]: Clear GSO bits for TCP reset packet

The TCP reset packet is copied from the original.  This
includes all the GSO bits which do not apply to the new
packet.  So we should clear those bits.

Spotted by Patrick McHardy.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index a9eb3635fff26ef86060c22b25e1165dd9082f24..80f739e218244936b1da8a27f9e041225046ba54 100644 (file)
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -80,6 +80,10 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        nskb->mark = 0;
        skb_init_secmark(nskb);
 
+       skb_shinfo(nskb)->gso_size = 0;
+       skb_shinfo(nskb)->gso_segs = 0;
+       skb_shinfo(nskb)->gso_type = 0;
+
        tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl);
 
        /* Swap source and dest */