git.baikalelectronics.ru Git - kernel.git/commit

author	Frank van der Linden <fllinden@amazon.com>
	Tue, 12 Jun 2018 23:09:37 +0000 (23:09 +0000)
committer	David S. Miller <davem@davemloft.net>
	Fri, 15 Jun 2018 00:04:41 +0000 (17:04 -0700)
commit	113d6ab16545d9a09d6e682f96f2d92777c316e8
tree	f579372ac46831d702ee8b3bc08f6cf3e463ca91	tree \| snapshot
parent	63d0e41fb2349232a52fb13e78d6dacbb9871965	commit \| diff

tcp: verify the checksum of the first data segment in a new connection

commit aaf9f4668c2b ("tcp/dccp: install syn_recv requests into ehash
table") introduced an optimization for the handling of child sockets
created for a new TCP connection.

But this optimization passes any data associated with the last ACK of the
connection handshake up the stack without verifying its checksum, because it
calls tcp_child_process(), which in turn calls tcp_rcv_state_process()
directly. These lower-level processing functions do not do any checksum
verification.

Insert a tcp_checksum_complete call in the TCP_NEW_SYN_RECEIVE path to
fix this.

Fixes: aaf9f4668c2b ("tcp/dccp: install syn_recv requests into ehash table")
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Balbir Singh <bsingharora@gmail.com>
Reviewed-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/tcp_ipv4.c		diff \| blob \| history
net/ipv6/tcp_ipv6.c		diff \| blob \| history