git.baikalelectronics.ru Git - kernel.git/commit

author	Frank van der Linden <fllinden@amazon.com>
	Tue, 12 Jun 2018 23:09:37 +0000 (23:09 +0000)
committer	David S. Miller <davem@davemloft.net>
	Fri, 15 Jun 2018 00:04:41 +0000 (17:04 -0700)
commit	efac13efcf8f6e41f546ee73e18064e7a6a2a897
tree	f579372ac46831d702ee8b3bc08f6cf3e463ca91	tree \| snapshot
parent	9eef564a12cd642ac63d0ce20c9ebf22dd5ab862	commit \| diff

tcp: verify the checksum of the first data segment in a new connection

commit abe93be0399c ("tcp/dccp: install syn_recv requests into ehash
table") introduced an optimization for the handling of child sockets
created for a new TCP connection.

But this optimization passes any data associated with the last ACK of the
connection handshake up the stack without verifying its checksum, because it
calls tcp_child_process(), which in turn calls tcp_rcv_state_process()
directly. These lower-level processing functions do not do any checksum
verification.

Insert a tcp_checksum_complete call in the TCP_NEW_SYN_RECEIVE path to
fix this.

Fixes: abe93be0399c ("tcp/dccp: install syn_recv requests into ehash table")
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Balbir Singh <bsingharora@gmail.com>
Reviewed-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/tcp_ipv4.c		diff \| blob \| history
net/ipv6/tcp_ipv6.c		diff \| blob \| history