In commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary"), a check for short TCP header or malformed packet was added. This check is unnecessary, as these packets are already handled in the tcp_error function of nf_conntrack_proto_tcp.c (see /* Not whole TCP header or malformed packet */).

In addition, there was an error in the check which was added (len is being calculated incorrectly). In my testing, ALL packets are being dropped by the TCPOPTSTRIP target at present.

Revert the unnecessary/incorrect checks.

Phil

Signed-off-by: Phil Oester