Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d6b3347b authored by Eric Dumazet's avatar Eric Dumazet Committed by Pablo Neira Ayuso
Browse files

netfilter: xt_TCPMSS: handle CHECKSUM_COMPLETE in tcpmss_tg6() 



In case MSS option is added in TCP options, skb length increases by 4.
IPv6 needs to update skb->csum if skb has CHECKSUM_COMPLETE,
otherwise kernel complains loudly in netdev_rx_csum_fault() with a
stack dump.

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent efaea94a

net/netfilter/xt_TCPMSS.c

+7 −2
Original line number Original line Diff line number Diff line
@@ -228,7 +228,7 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par) 
{

{

	struct ipv6hdr *ipv6h = ipv6_hdr(skb);

	struct ipv6hdr *ipv6h = ipv6_hdr(skb);

	u8 nexthdr;

	u8 nexthdr;

	__be16 frag_off;

	__be16 frag_off, oldlen, newlen;

	int tcphoff;

	int tcphoff;

	int ret;

	int ret;
@@ -244,7 +244,12 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par) 
		return NF_DROP;

		return NF_DROP;

	if (ret > 0) {

	if (ret > 0) {

		ipv6h = ipv6_hdr(skb);

		ipv6h = ipv6_hdr(skb);

		ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret);

		oldlen = ipv6h->payload_len;

		newlen = htons(ntohs(oldlen) + ret);

		if (skb->ip_summed == CHECKSUM_COMPLETE)

			skb->csum = csum_add(csum_sub(skb->csum, oldlen),

					     newlen);

		ipv6h->payload_len = newlen;

	}

	}

	return XT_CONTINUE;

	return XT_CONTINUE;

}

}