Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned

Next message: Qu Wenruo: "Re: [PATCH] btrfs: fix subpage state mismatch in cow_fixup writeback path"
Previous message: Rosen Penev: "[PATCH] dma: map_benchmark: turn dma_sg_map_param buf into a flexible array"
In reply to: Kacper Kokot: "Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned"
Next in thread: David Laight: "Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Fernando Fernandez Mancera

Date: Mon May 25 2026 - 18:08:26 EST

On 5/25/26 11:28 PM, Florian Westphal wrote:

Kacper Kokot <kacper.kokot.44@xxxxxxxxx> wrote:

Padding TCP options with NOPs is optional, so it is legal to send an
MSS option that is not aligned to a word boundary and therefore not
aligned for checksum calculation. The current TCPMSS target is not
robust to this: when the MSS option is unaligned it produces an
invalid checksum, and the packet is dropped.

Is this an actual, real world bug? This code is 20+ years old, all that
this hints at is that they are always aligned in reality?

AFAICS, these issues are not present in real environments as MSS option is placed at the beginning of the options block making it aligned by default usually.

I would say this is more for correctness. I wonder, if we are touching this code, we could use the opportunity to make it use get_unaligned_be16() instead.