From: David Laight <david.laight.linux@gmail.com>
To: Fernando Fernandez Mancera <fmancera@suse.de>
Cc: Florian Westphal <fw@strlen.de>,
Kacper Kokot <kacper.kokot.44@gmail.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Phil Sutter <phil@nwl.cc>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned
Date: Tue, 26 May 2026 10:31:02 +0100
Message-ID: <20260526103102.003aedd9@pumpkin>
In-Reply-To: <b82e4092-1f4e-40ca-b117-31c062ea54c2@suse.de>

On Tue, 26 May 2026 00:08:15 +0200
Fernando Fernandez Mancera <fmancera@suse.de> wrote:
> On 5/25/26 11:28 PM, Florian Westphal wrote:
> > Kacper Kokot <kacper.kokot.44@gmail.com> wrote:
> >> Padding TCP options with NOPs is optional, so it is legal to send an
> >> MSS option that is not aligned to a word boundary and therefore not
> >> aligned for checksum calculation. The current TCPMSS target is not
> >> robust to this: when the MSS option is unaligned it produces an
> >> invalid checksum, and the packet is dropped.
> >
> > Is this an actual, real world bug? This code is 20+ years old, all that
> > this hints at is that they are always aligned in reality?
> >
>
> AFAICS, these issues are not present in real environments as MSS option
> is placed at the beginning of the options block making it aligned by
> default usually.
>
> I would say this is more for correctness. I wonder, if we are touching
> this code, we could use the opportunity to make it use
> get_unaligned_be16() instead.

gcc and clang convert x[0] << 8 | x[1] (etc) to the appropriate single
instruction (and maybe byteswap) on CPUs that support misaligned accesses.
So there is little to gain from doing it any other way.

-- David
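
Added example (not from this thread, the patch, or the kernel's TCPMSS code): a user-space C illustration of why an RFC 1624 incremental checksum update yields an invalid checksum when the 16-bit MSS value sits at an odd byte offset, and how byte-swapping the old and new values restores it. The constructed 28-byte header, the helper names and the swap-based handling are assumptions for illustration; reads use the x[0] << 8 | x[1] form.

```c
#include <stdint.h>
#include <string.h>

/* Alignment-safe big-endian accessors (the p[0] << 8 | p[1] form). */
static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void wr_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t swab16(uint16_t v) { return (uint16_t)(v << 8 | v >> 8); }

static uint16_t fold_not(uint32_t s) {
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;            /* one's complement of the folded sum */
}

/* RFC 1071 checksum over an even number of bytes. */
static uint16_t csum(const uint8_t *b, size_t len) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        s += rd_be16(b + i);
    return fold_not(s);
}

/* Constructed 28-byte TCP header (pseudo-header omitted): MSS option
 * 02 04 05 b4 after `nops` NOP bytes. Returns the offset of the MSS value. */
static size_t build(uint8_t *h, size_t nops) {
    static const uint8_t base[20] = { 0x30, 0x39, 0, 0x50, 0, 0, 0, 1, 0, 0, 0, 0, 0x70, 0x02, 0xff, 0xff };
    static const uint8_t opt[4] = { 2, 4, 0x05, 0xb4 };
    memcpy(h, base, 20);
    memset(h + 20, 1, 8);           /* option space starts as all NOPs */
    memcpy(h + 20 + nops, opt, 4);
    wr_be16(h + 16, csum(h, 28));   /* checksum field was zero until here */
    return 20 + nops + 2;
}

/* Rewrite the MSS and patch bytes 16..17 per RFC 1624, HC' = ~(~HC + ~m + m').
 * At an odd offset the value straddles two checksum words, so m and m' are
 * byte-swapped first when odd_aware is set. Returns 1 if the header verifies. */
static int set_mss(uint8_t *h, size_t off, uint16_t mss, int odd_aware) {
    uint16_t old = rd_be16(h + off), hc = rd_be16(h + 16);
    wr_be16(h + off, mss);
    if (odd_aware && (off & 1)) { old = swab16(old); mss = swab16(mss); }
    wr_be16(h + 16, fold_not((uint32_t)(uint16_t)~hc + (uint16_t)~old + mss));
    return csum(h, 28) == 0;
}

int main(void) {
    uint8_t h[28];
    return !(set_mss(h, build(h, 1), 1360, 0) == 0 && set_mss(h, build(h, 1), 1360, 1) == 1);
}
```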