--- zzzz-none-000/linux-4.19.183/net/netfilter/xt_tcpudp.c 2021-03-24 10:07:39.000000000 +0000
+++ bcm63-7530ax-756/linux-4.19.183/net/netfilter/xt_tcpudp.c 2023-06-28 08:54:21.000000000 +0000
@@ -114,6 +114,30 @@
 &par->hotdrop))
 return false;
 }
+#if defined(CONFIG_BCM_KF_NETFILTER)
+ if (tcpinfo->pure_ack) {
+ __u32 payload_len = 0xFFFFFFFF;
+ if (par->state->pf == NFPROTO_IPV4) {
+ const struct iphdr *ih = (struct iphdr *)skb_network_header(skb);
+ struct iphdr _iph;
+ if (!ih || ih->version != 4 || ((ih->ihl * 4) < sizeof(_iph))) {
+ par->hotdrop = true;
+ return false;
+ }
+ payload_len = ntohs(ih->tot_len) - (ih->ihl * 4) - (th->doff * 4);
+ } else if (par->state->pf == NFPROTO_IPV6) {
+ const struct ipv6hdr *i6h = (struct ipv6hdr *)skb_network_header(skb);
+ if (!i6h || i6h->version != 6) {
+ par->hotdrop = true;
+ return false;
+ }
+ payload_len = ntohs(i6h->payload_len) - (th->doff * 4);
+ } else {
+ return false;
+ }
+ return NF_INVF(tcpinfo, XT_TCP_INV_FLAGS, !payload_len);
+ }
+#endif
 return true;
 }
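Review bot: The pure_ack length arithmetic is unsigned and unchecked: in `payload_len = ntohs(ih->tot_len) - (ih->ihl * 4) - (th->doff * 4)` a packet whose `tot_len` is smaller than the two header lengths wraps to a large non-zero value instead of being rejected, and `th->doff` is not compared with the minimum TCP header size anywhere in the added lines. The IPv6 branch subtracts only the TCP header from `payload_len`, so any extension headers are counted as payload and a bare ACK carrying them would not match, which makes the match result depend on sender-controlled header fields. Deriving the length from `par->thoff` and `skb->len` with an explicit bounds check covers both families in one place and removes the unused `_iph`; this assumes `skb->len` is already trimmed to the IP length at the hooks where the match runs, which should be confirmed. The result is also inverted through `XT_TCP_INV_FLAGS`, which couples it to the flags inversion and deserves a comment or its own bit. The enclosing match function begins outside the hunk.

```c
#if defined(CONFIG_BCM_KF_NETFILTER)
	if (tcpinfo->pure_ack) {
		unsigned int tcp_hlen = th->doff * 4;
		unsigned int data_off = par->thoff + tcp_hlen;

		/* Drop packets whose TCP data offset is shorter than the
		 * fixed header or points past the end of the packet.
		 */
		if (tcp_hlen < sizeof(*th) || data_off > skb->len) {
			par->hotdrop = true;
			return false;
		}
		/* Pure ACK: nothing follows the TCP header. */
		return NF_INVF(tcpinfo, XT_TCP_INV_FLAGS, skb->len == data_off);
	}
#endif
```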