tcp: verify the checksum of the first data segment in a new connection
authorFrank van der Linden <>
Tue, 12 Jun 2018 23:09:37 +0000 (23:09 +0000)
committerDavid S. Miller <>
Fri, 15 Jun 2018 00:04:41 +0000 (17:04 -0700)
commit 079096f103fa ("tcp/dccp: install syn_recv requests into ehash
table") introduced an optimization for the handling of child sockets
created for a new TCP connection.

But this optimization passes any data associated with the last ACK of the
connection handshake up the stack without verifying its checksum, because it
calls tcp_child_process(), which in turn calls tcp_rcv_state_process()
directly.  These lower-level processing functions do not do any checksum

Insert a tcp_checksum_complete call in the TCP_NEW_SYN_RECEIVE path to
fix this.

Fixes: 079096f103fa ("tcp/dccp: install syn_recv requests into ehash table")
Signed-off-by: Frank van der Linden <>
Signed-off-by: Eric Dumazet <>
Tested-by: Balbir Singh <>
Reviewed-by: Balbir Singh <>
Signed-off-by: David S. Miller <>

No differences found