Skip to content

Commit d6b3347

Browse files
edumazetummakynes
edumazet
authored and
ummakynes
committed
netfilter: xt_TCPMSS: handle CHECKSUM_COMPLETE in tcpmss_tg6()
In case MSS option is added in TCP options, skb length increases by 4. IPv6 needs to update skb->csum if skb has CHECKSUM_COMPLETE, otherwise kernel complains loudly in netdev_rx_csum_fault() with a stack dump. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent efaea94 commit d6b3347

File tree

1 file changed

+7
-2
lines changed

1 file changed

+7
-2
lines changed

net/netfilter/xt_TCPMSS.c

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -228,7 +228,7 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
228228
{
229229
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
230230
u8 nexthdr;
231-
__be16 frag_off;
231+
__be16 frag_off, oldlen, newlen;
232232
int tcphoff;
233233
int ret;
234234

@@ -244,7 +244,12 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par)
244244
return NF_DROP;
245245
if (ret > 0) {
246246
ipv6h = ipv6_hdr(skb);
247-
ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret);
247+
oldlen = ipv6h->payload_len;
248+
newlen = htons(ntohs(oldlen) + ret);
249+
if (skb->ip_summed == CHECKSUM_COMPLETE)
250+
skb->csum = csum_add(csum_sub(skb->csum, oldlen),
251+
newlen);
252+
ipv6h->payload_len = newlen;
248253
}
249254
return XT_CONTINUE;
250255
}

0 commit comments

Comments
 (0)