Hi Greg,
Please, cherry-pick this commit:
commit 2638fd0f92d4397884fd991d8f4925cb3f081901
Author: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Mon Apr 3 10:55:11 2017 -0700
netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
People are experiencing crashes in production without this patch:
http://marc.info/?l=linux-netdev&m=149759912312430&w=2
[ Note for other stable maintainers: This patch applies cleanly here
from 3.16 onwards. ]
Thanks!