From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Dumazet <eric.dumazet@gmail.com>
Subject: Re: [PATCH v2] tcp: verify the checksum of the first data segment in
 a new connection
Date: Tue, 12 Jun 2018 15:03:35 -0700
Message-ID: <212193c0-2fee-7f88-5473-9f5f4c548cb8@gmail.com>
References: <5b203e1b.vy4yU6CwMEwLmNtj%fllinden@amazon.com>
 <9541859a-1346-e13a-b97c-a2a63f3b19f4@gmail.com>
 <EB56EB1B-8E64-4D2C-9604-5ACFD3857F0D@amazon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
To: "van der Linden, Frank" <fllinden@amazon.com>,
        Eric Dumazet <eric.dumazet@gmail.com>,
        "edumazet@google.com" <edumazet@google.com>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pl0-f66.google.com ([209.85.160.66]:41283 "EHLO
        mail-pl0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933912AbeFLWDj (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 12 Jun 2018 18:03:39 -0400
Received: by mail-pl0-f66.google.com with SMTP id az12-v6so257116plb.8
        for <netdev@vger.kernel.org>; Tue, 12 Jun 2018 15:03:39 -0700 (PDT)
In-Reply-To: <EB56EB1B-8E64-4D2C-9604-5ACFD3857F0D@amazon.com>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>



On 06/12/2018 02:53 PM, van der Linden, Frank wrote:
> The convention seems to be to call tcp_checksum_complete after tcp_filter has a chance to deal with the packet. I wanted to preserve that.
> 
> If that is not a concern, then I agree that this is a far better way to go.
> 
> Frank

Given that we can drop the packet earlier from :

if (skb_checksum_init(skb, IPPROTO_TCP, inet_compute_pseudo))
     goto csum_error;

I am quite sure we really do not care of tcp_filter() being
hit or not by packets with bad checksum.

Thanks