Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned

Next message: Hao Ge: "[PATCH] MAINTAINERS: add Hao Ge as reviewer for codetag and alloc_tag"
Previous message: Patrice Chotard: "[PATCH v7 3/7] ARM: dts: stm32: Add boot phase tags for STMicroelectronics h7 boards"
In reply to: Fernando Fernandez Mancera: "Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned"
Next in thread: kernel test robot: "Re: [PATCH] netfilter: TCPMSS: fix dropped packets when MSS option is unaligned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Laight

Date: Tue May 26 2026 - 05:31:47 EST

On Tue, 26 May 2026 00:08:15 +0200
Fernando Fernandez Mancera <fmancera@xxxxxxx> wrote:

> On 5/25/26 11:28 PM, Florian Westphal wrote:
> > Kacper Kokot <kacper.kokot.44@xxxxxxxxx> wrote:
> >> Padding TCP options with NOPs is optional, so it is legal to send an
> >> MSS option that is not aligned to a word boundary and therefore not
> >> aligned for checksum calculation. The current TCPMSS target is not
> >> robust to this: when the MSS option is unaligned it produces an
> >> invalid checksum, and the packet is dropped.
> >
> > Is this an actual, real world bug? This code is 20+ years old, all that
> > this hints at is that they are always aligned in reality?
> >
>
> AFAICS, these issues are not present in real environments as MSS option
> is placed at the beginning of the options block making it aligned by
> default usually.
>
> I would say this is more for correctness. I wonder, if we are touching
> this code, we could use the opportunity to make it use
> get_unaligned_be16() instead.

gcc and clang convert x[0] << 8 | x[1] (etc) to the appropriate single
instruction (and maybe byteswap) on cpu that support misaligned accesses.
So there is little to gain from doing it any other way.

-- David