Hi!
>> Regarding 4.19, the patch does not work there since the struct pkt does
>> not have a member fragoff. I suppose this is hidden deeply in the skbuf
>> structure...
> Sad. You might ask the maintainers if they can consider the fix as
> well for older stable series, mentioneing back the one you would be
> intersted in (so 4.19.y in your case).
Thanks to a hint from Florian Westphal, i modified the patch for 4.19
and it fixes the issue also in 4.19.
The patch is attached.
cheerio
Steve
--- linux-source-4.19/net/netfilter/nft_payload.c.orig 2021-09-26 11:39:49.000000000 +0000
+++ linux-source-4.19/net/netfilter/nft_payload.c 2022-01-04 18:53:04.888219213 +0000
@@ -194,6 +194,9 @@
struct sk_buff *skb,
unsigned int *l4csum_offset)
{
+ if (pkt->xt.fragoff)
+ return -1;
+
switch (pkt->tprot) {
case IPPROTO_TCP:
*l4csum_offset = offsetof(struct tcphdr, check);
