On Thu, 2016-11-10 at 11:49 -0800, Eric Dumazet wrote: > On Thu, 2016-11-10 at 11:26 -0800, Eric Dumazet wrote: > > > The issue is that sk_filter() truncates an incoming packet to a smaller > > value. > > > > Bad things happen because TCP_SKB_CB(skb)->end_seq is not updated. > > > > I guess other issues would also happen if the truncation also removes > > part of tcp header. > > > > sk_filter_trim_cap(sk, skb, tcp_hlen) would be needed, > > or sk_filter_trim_cap(sk, skb, skb->len) to only ACCEPT/DROP packets, > > but no truncations. > > Something like : Another sk_filter() is used in tcp v6. So the correct patch would be : diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 61b7be303eec..0b8f575eefaa 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1676,7 +1676,7 @@ int tcp_v4_rcv(struct sk_buff *skb) nf_reset(skb); - if (sk_filter(sk, skb)) + if (sk_filter_trim_cap(sk, skb, skb->len)) goto discard_and_relse; skb->dev = NULL; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 6ca23c2e76f7..96525649a397 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1229,7 +1229,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) if (skb->protocol == htons(ETH_P_IP)) return tcp_v4_do_rcv(sk, skb); - if (sk_filter(sk, skb)) + if (sk_filter_trim_cap(sk, skb, skb->len)) goto discard; /* @@ -1457,7 +1457,7 @@ static int tcp_v6_rcv(struct sk_buff *skb) if (tcp_v6_inbound_md5_hash(sk, skb)) goto discard_and_relse; - if (sk_filter(sk, skb)) + if (sk_filter_trim_cap(sk, skb, skb->len)) goto discard_and_relse; skb->dev = NULL; -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html