On Thu, Jun 29, 2017 at 05:00:21PM +0200, Pablo Neira Ayuso wrote: > Hi Greg, > > Please, cherry-pick this commit: > > commit 2638fd0f92d4397884fd991d8f4925cb3f081901 > Author: Eric Dumazet <edumazet@xxxxxxxxxx> > Date: Mon Apr 3 10:55:11 2017 -0700 > > netfilter: xt_TCPMSS: add more sanity tests on tcph->doff > > People are experiencing crashes in production without this patch: > > http://marc.info/?l=linux-netdev&m=149759912312430&w=2 > > [ Note for other stable maintainers: This patch applies cleanly here > from 3.16 onwards. ] Now applied, thanks! greg k-h