bridge: use skb_ip_totlen in br netfilter

These 3 places in bridge netfilter are called on RX path after GRO and IPv4 TCP GSO packets may come through, so replace iph tot_len accessing with skb_ip_totlen() in there. Signed-off-by: Xin Long <lucien.xin@gmail.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Xin Long <lucien.xin@gmail.com> 2023-01-28 10:58:31 -0500
committer: Jakub Kicinski <kuba@kernel.org> 2023-02-01 20:54:27 -0800
commit: 46abd17302ba6be2e06818088e40a568e8f9e7af (patch)
tree: e54548d95d87b64a1e03629f04f885733a7a0fec /net/bridge/br_netfilter_hooks.c
parent: 058a8f7f73aae1cc22b53fcefec031b9e391b54d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index f20f4373ff40..b67c9c98effa 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -214,7 +214,7 @@ static int br_validate_ipv4(struct net *net, struct sk_buff *skb)
 	if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
 		goto csum_error;
 
-	len = ntohs(iph->tot_len);
+	len = skb_ip_totlen(skb);
 	if (skb->len < len) {
 		__IP_INC_STATS(net, IPSTATS_MIB_INTRUNCATEDPKTS);
 		goto drop;
author	Xin Long <lucien.xin@gmail.com>	2023-01-28 10:58:31 -0500
committer	Jakub Kicinski <kuba@kernel.org>	2023-02-01 20:54:27 -0800
commit	46abd17302ba6be2e06818088e40a568e8f9e7af (patch)
tree	e54548d95d87b64a1e03629f04f885733a7a0fec /net/bridge/br_netfilter_hooks.c
parent	058a8f7f73aae1cc22b53fcefec031b9e391b54d (diff)