From: David Laight <david.laight.linux@gmail.com>
To: kernel test robot <lkp@intel.com>
Cc: Kacper Kokot <kacper.kokot.44@gmail.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Florian Westphal <fw@strlen.de>, Phil Sutter <phil@nwl.cc>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
linux-kernel@vger.kernel.org, oe-kbuild-all@lists.linux.dev,
netdev@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned
Date: Tue, 26 May 2026 16:18:20 +0100 [thread overview]
Message-ID: <20260526161820.63c56e56@pumpkin> (raw)
In-Reply-To: <202605261527.v5NoRvES-lkp@intel.com>
On Tue, 26 May 2026 15:50:00 +0200
kernel test robot <lkp@intel.com> wrote:
> Hi Kacper,
>
> kernel test robot noticed the following build warnings:
>
> [auto build test WARNING on nf-next/main]
> [also build test WARNING on netfilter-nf/main linus/master v6.16-rc1 next-20260525]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Kacper-Kokot/netfilter-TCPMSS-fix-dropped-packets-when-MSS-option-is-unaligned/20260526-041308
> base: https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git main
> patch link: https://lore.kernel.org/r/20260525201116.407338-2-kacper.kokot.44%40gmail.com
> patch subject: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned
> config: x86_64-rhel-9.4-ltp (https://download.01.org/0day-ci/archive/20260526/202605261527.v5NoRvES-lkp@intel.com/config)
> compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260526/202605261527.v5NoRvES-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202605261527.v5NoRvES-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
> net/netfilter/xt_TCPMSS.c: In function 'tcpmss_mangle_packet':
> >> net/netfilter/xt_TCPMSS.c:140:66: warning: suggest parentheses around comparison in operand of '&' [-Wparentheses]
> 140 | if (((char *)&opt[i + 2] - (char *)tcph) & 0x1 != 0) {
> | ^
and, of course, the code works fine because 0x1 != 0 is 1.
K (or maybe R) said that with hindsight they should have corrected the
priority of & and | when they added && and || and just fixed all the
existing code so it still worked.
-- David
>
>
> vim +140 net/netfilter/xt_TCPMSS.c
>
> 69
> 70 static int
> 71 tcpmss_mangle_packet(struct sk_buff *skb,
> 72 const struct xt_action_param *par,
> 73 unsigned int family,
> 74 unsigned int tcphoff,
> 75 unsigned int minlen)
> 76 {
> 77 const struct xt_tcpmss_info *info = par->targinfo;
> 78 struct tcphdr *tcph;
> 79 int len, tcp_hdrlen;
> 80 unsigned int i;
> 81 __be16 oldval;
> 82 u16 newmss;
> 83 u8 *opt;
> 84
> 85 /* This is a fragment, no TCP header is available */
> 86 if (par->fragoff != 0)
> 87 return 0;
> 88
> 89 if (skb_ensure_writable(skb, skb->len))
> 90 return -1;
> 91
> 92 len = skb->len - tcphoff;
> 93 if (len < (int)sizeof(struct tcphdr))
> 94 return -1;
> 95
> 96 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
> 97 tcp_hdrlen = tcph->doff * 4;
> 98
> 99 if (len < tcp_hdrlen || tcp_hdrlen < sizeof(struct tcphdr))
> 100 return -1;
> 101
> 102 if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
> 103 struct net *net = xt_net(par);
> 104 unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);
> 105 unsigned int min_mtu = min(dst_mtu(skb_dst(skb)), in_mtu);
> 106
> 107 if (min_mtu <= minlen) {
> 108 net_err_ratelimited("unknown or invalid path-MTU (%u)\n",
> 109 min_mtu);
> 110 return -1;
> 111 }
> 112 newmss = min_mtu - minlen;
> 113 } else
> 114 newmss = info->mss;
> 115
> 116 opt = (u_int8_t *)tcph;
> 117 for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) {
> 118 if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) {
> 119 u_int16_t oldmss;
> 120 u16 csum_oldmss, csum_newmss;
> 121
> 122 oldmss = (opt[i+2] << 8) | opt[i+3];
> 123
> 124 /* Never increase MSS, even when setting it, as
> 125 * doing so results in problems for hosts that rely
> 126 * on MSS being set correctly.
> 127 */
> 128 if (oldmss <= newmss)
> 129 return 0;
> 130
> 131 opt[i+2] = (newmss & 0xff00) >> 8;
> 132 opt[i+3] = newmss & 0x00ff;
> 133
> 134 csum_oldmss = htons(oldmss);
> 135 csum_newmss = htons(newmss);
> 136
> 137 /* MSS may be unaligned; fix up the incremental checksum
> 138 * to avoid an invalid checksum and a dropped packet.
> 139 */
> > 140 if (((char *)&opt[i + 2] - (char *)tcph) & 0x1 != 0) {
> 141 csum_oldmss = swab16(csum_oldmss);
> 142 csum_newmss = swab16(csum_newmss);
> 143 }
> 144
> 145 inet_proto_csum_replace2(&tcph->check, skb,
> 146 csum_oldmss, csum_newmss,
> 147 false);
> 148 return 0;
> 149 }
> 150 }
> 151
> 152 /* There is data after the header so the option can't be added
> 153 * without moving it, and doing so may make the SYN packet
> 154 * itself too large. Accept the packet unmodified instead.
> 155 */
> 156 if (len > tcp_hdrlen)
> 157 return 0;
> 158
> 159 /* tcph->doff has 4 bits, do not wrap it to 0 */
> 160 if (tcp_hdrlen >= 15 * 4)
> 161 return 0;
> 162
> 163 /*
> 164 * MSS Option not found ?! add it..
> 165 */
> 166 if (skb_tailroom(skb) < TCPOLEN_MSS) {
> 167 if (pskb_expand_head(skb, 0,
> 168 TCPOLEN_MSS - skb_tailroom(skb),
> 169 GFP_ATOMIC))
> 170 return -1;
> 171 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
> 172 }
> 173
> 174 skb_put(skb, TCPOLEN_MSS);
> 175
> 176 /*
> 177 * IPv4: RFC 1122 states "If an MSS option is not received at
> 178 * connection setup, TCP MUST assume a default send MSS of 536".
> 179 * IPv6: RFC 2460 states IPv6 has a minimum MTU of 1280 and a minimum
> 180 * length IPv6 header of 60, ergo the default MSS value is 1220
> 181 * Since no MSS was provided, we must use the default values
> 182 */
> 183 if (xt_family(par) == NFPROTO_IPV4)
> 184 newmss = min(newmss, (u16)536);
> 185 else
> 186 newmss = min(newmss, (u16)1220);
> 187
> 188 opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
> 189 memmove(opt + TCPOLEN_MSS, opt, len - sizeof(struct tcphdr));
> 190
> 191 inet_proto_csum_replace2(&tcph->check, skb,
> 192 htons(len), htons(len + TCPOLEN_MSS), true);
> 193 opt[0] = TCPOPT_MSS;
> 194 opt[1] = TCPOLEN_MSS;
> 195 opt[2] = (newmss & 0xff00) >> 8;
> 196 opt[3] = newmss & 0x00ff;
> 197
> 198 inet_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), false);
> 199
> 200 oldval = ((__be16 *)tcph)[6];
> 201 tcph->doff += TCPOLEN_MSS/4;
> 202 inet_proto_csum_replace2(&tcph->check, skb,
> 203 oldval, ((__be16 *)tcph)[6], false);
> 204 return TCPOLEN_MSS;
> 205 }
> 206
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
next prev parent reply other threads:[~2026-05-26 15:18 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-25 20:11 [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned Kacper Kokot
2026-05-25 21:28 ` Florian Westphal
2026-05-25 21:44 ` Kacper Kokot
2026-05-25 22:08 ` Fernando Fernandez Mancera
2026-05-26 9:31 ` David Laight
2026-05-26 13:50 ` kernel test robot
2026-05-26 15:18 ` David Laight [this message]
2026-05-26 16:46 ` kernel test robot
2026-05-26 23:21 ` Kacper Kokot
2026-05-28 16:31 ` kernel test robot
2026-05-28 18:11 ` kernel test robot
2026-05-28 19:40 ` David Laight
2026-05-28 22:34 ` [PATCH v2] " Kacper Kokot
2026-05-28 22:52 ` Pablo Neira Ayuso
2026-05-29 7:14 ` Fernando Fernandez Mancera
2026-05-29 20:54 ` [PATCH] " kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260526161820.63c56e56@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=horms@kernel.org \
--cc=kacper.kokot.44@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=phil@nwl.cc \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.