On Mon, Sep 30, 2013 at 08:51:46AM +0100, Patrick McHardy wrote: > TCP packets hitting the SYN proxy through the SYNPROXY target are not > validated by TCP conntrack. When th->doff is below 5, an underflow happens > when calculating the options length, causing skb_header_pointer() to > return NULL and triggering the BUG_ON(). > > Handle this case gracefully by checking for NULL instead of using BUG_ON(). Applied, thanks Patrick! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html