On Thu, 2016-11-10 at 11:26 -0800, Eric Dumazet wrote: > The issue is that sk_filter() truncates an incoming packet to a smaller > value. > > Bad things happen because TCP_SKB_CB(skb)->end_seq is not updated. > > I guess other issues would also happen if the truncation also removes > part of tcp header. > > sk_filter_trim_cap(sk, skb, tcp_hlen) would be needed, > or sk_filter_trim_cap(sk, skb, skb->len) to only ACCEPT/DROP packets, > but no truncations. Something like : diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 61b7be303eec..0b8f575eefaa 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1676,7 +1676,7 @@ int tcp_v4_rcv(struct sk_buff *skb) nf_reset(skb); - if (sk_filter(sk, skb)) + if (sk_filter_trim_cap(sk, skb, skb->len)) goto discard_and_relse; skb->dev = NULL; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 6ca23c2e76f7..2c7a6f7f1113 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1229,7 +1229,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (skb->protocol == htons(ETH_P_IP)) return tcp_v4_do_rcv(sk, skb); - if (sk_filter(sk, skb)) + if (sk_filter_trim_cap(sk, skb, skb->len)) goto discard; /* -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html