gro: Only verify TCP checksums for candidates
In some cases we may receive IP packets that are longer than their stated lengths. Such packets are never merged in GRO. However, we may end up computing their checksums incorrectly and end up allowing packets with a bogus checksum enter our stack with the checksum status set as verified. Since such packets are rare and not performance-critical, this patch simply skips the checksum verification for them. Reported-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Alexander Duyck <alexander.h.duyck@intel.com> Thanks, Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
d6c4161485
commit
cc5c00bbb4
|
@ -276,6 +276,10 @@ static struct sk_buff **tcp4_gro_receive(struct sk_buff **head, struct sk_buff *
|
|||
__wsum wsum;
|
||||
__sum16 sum;
|
||||
|
||||
/* Don't bother verifying checksum if we're going to flush anyway. */
|
||||
if (NAPI_GRO_CB(skb)->flush)
|
||||
goto skip_csum;
|
||||
|
||||
switch (skb->ip_summed) {
|
||||
case CHECKSUM_COMPLETE:
|
||||
if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr,
|
||||
|
@ -301,6 +305,7 @@ flush:
|
|||
break;
|
||||
}
|
||||
|
||||
skip_csum:
|
||||
return tcp_gro_receive(head, skb);
|
||||
}
|
||||
|
||||
|
|
|
@ -39,6 +39,10 @@ static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
|
|||
__wsum wsum;
|
||||
__sum16 sum;
|
||||
|
||||
/* Don't bother verifying checksum if we're going to flush anyway. */
|
||||
if (NAPI_GRO_CB(skb)->flush)
|
||||
goto skip_csum;
|
||||
|
||||
switch (skb->ip_summed) {
|
||||
case CHECKSUM_COMPLETE:
|
||||
if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
|
||||
|
@ -65,6 +69,7 @@ flush:
|
|||
break;
|
||||
}
|
||||
|
||||
skip_csum:
|
||||
return tcp_gro_receive(head, skb);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue