diff options
author | Xin Long <lucien.xin@gmail.com> | 2023-01-28 10:58:31 -0500 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2023-02-01 20:54:27 -0800 |
commit | 46abd17302ba6be2e06818088e40a568e8f9e7af (patch) | |
tree | e54548d95d87b64a1e03629f04f885733a7a0fec /net/bridge/br_netfilter_hooks.c | |
parent | 058a8f7f73aae1cc22b53fcefec031b9e391b54d (diff) |
bridge: use skb_ip_totlen in br netfilter
These 3 places in bridge netfilter are called on RX path after GRO
and IPv4 TCP GSO packets may come through, so replace iph tot_len
accessing with skb_ip_totlen() in there.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/bridge/br_netfilter_hooks.c')
-rw-r--r-- | net/bridge/br_netfilter_hooks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index f20f4373ff40..b67c9c98effa 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -214,7 +214,7 @@ static int br_validate_ipv4(struct net *net, struct sk_buff *skb) if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) goto csum_error; - len = ntohs(iph->tot_len); + len = skb_ip_totlen(skb); if (skb->len < len) { __IP_INC_STATS(net, IPSTATS_MIB_INTRUNCATEDPKTS); goto drop; |