From: "van der Linden, Frank" <fllinden@amazon.com>
To: Eric Dumazet <eric.dumazet@gmail.com>,
"edumazet@google.com" <edumazet@google.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: [PATCH v2] tcp: verify the checksum of the first data segment in a new connection
Date: Tue, 12 Jun 2018 22:30:24 +0000 [thread overview]
Message-ID: <DBB771BB-F7EE-4488-9613-815AAD74DE62@amazon.com> (raw)
In-Reply-To: <212193c0-2fee-7f88-5473-9f5f4c548cb8@gmail.com>
Sure, fair enough. I was assuming there might be a reason of why tcp_filter was always done after the data (not pseudo header) checksum. If there isn't (and obviously the the possible MD5 checks are done before it too), then that's definitely the right thing to do.
I'll resend. Though if you have the simpler change already lined up, I'll happily refrain from sending it myself.
Frank
On 6/12/18, 3:03 PM, "Eric Dumazet" <eric.dumazet@gmail.com> wrote:
On 06/12/2018 02:53 PM, van der Linden, Frank wrote:
> The convention seems to be to call tcp_checksum_complete after tcp_filter has a chance to deal with the packet. I wanted to preserve that.
>
> If that is not a concern, then I agree that this is a far better way to go.
>
> Frank
Given that we can drop the packet earlier from :
if (skb_checksum_init(skb, IPPROTO_TCP, inet_compute_pseudo))
goto csum_error;
I am quite sure we really do not care of tcp_filter() being
hit or not by packets with bad checksum.
Thanks
next prev parent reply other threads:[~2018-06-12 22:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-12 21:41 [PATCH v2] tcp: verify the checksum of the first data segment in a new connection Frank van der Linden
2018-06-12 21:50 ` Eric Dumazet
2018-06-12 21:53 ` van der Linden, Frank
2018-06-12 22:03 ` Eric Dumazet
2018-06-12 22:30 ` van der Linden, Frank [this message]
2018-06-12 23:12 ` van der Linden, Frank
2018-06-13 5:08 ` Balbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DBB771BB-F7EE-4488-9613-815AAD74DE62@amazon.com \
--to=fllinden@amazon.com \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox