author | Florin Coras <fcoras@cisco.com> | 2019-12-27 09:27:52 -0800 |
---|---|---|
committer | Florin Coras <fcoras@cisco.com> | 2019-12-27 09:27:52 -0800 |
commit | b7f035ff4c56cbfd8548c8f1a27fcffb79be6d1f (patch) | |
tree | 8b1c920a195b464e20d92e5eeda2515d55b536d7 | |
parent | b092b77cf238baf1ebba32cb984e9318ff62ad4d (diff) |
tcp: validate port reuse
Type: fix
Make sure existing connection is in time-wait
Change-Id: I8e8bef151f81bcd589b4da0d4bf63cc59f9f451b
Signed-off-by: Florin Coras <fcoras@cisco.com>
-rwxr-xr-x | src/vnet/tcp/tcp_input.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index 675bc3f4283..de79e3e19ab 100755
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -3195,20 +3195,25 @@ tcp46_listen_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 {
 tc0 = tcp_connection_get (vnet_buffer (b0)->tcp.connection_index, my_thread_index);
- /* clean up the old session */
+ if (tc0->state != TCP_STATE_TIME_WAIT)
+ {
+ error0 = TCP_ERROR_CREATE_EXISTS;
+ goto drop;
+ }
 lc0 = tcp_lookup_listener (b0, tc0->c_fib_index, is_ip4);
+ /* clean up the old session */
 tcp_connection_del (tc0);
 }
 if (is_ip4)
 {
 ip40 = vlib_buffer_get_current (b0);
- th0 = ip4_next_header (ip40);
+ th0 = tcp_buffer_hdr (b0);
 }
 else
 {
 ip60 = vlib_buffer_get_current (b0);
- th0 = ip6_next_header (ip60);
+ th0 = tcp_buffer_hdr (b0);
 }
 /* Create child session. For syn-flood protection use filter */ |
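Review bot: The new `TCP_STATE_TIME_WAIT` test still lets any SYN that matches the existing connection tear it down, because nothing between that test and `tcp_connection_del (tc0)` looks at the SYN's sequence number or timestamp. RFC 1122 (section 4.2.2.13) and RFC 6191 permit reopening from TIME-WAIT only when the new SYN is provably newer than the previous incarnation; without that comparison a delayed duplicate or forged SYN can end TIME-WAIT early. Consider a guard before the delete along the lines of `if (!seq_gt (vnet_buffer (b0)->tcp.seq_number, tc0->rcv_nxt)) { error0 = TCP_ERROR_CREATE_EXISTS; goto drop; }`, extended with a timestamp comparison where timestamps were negotiated. Separately, `lc0` returned by `tcp_lookup_listener` is not checked in the visible lines; tcp46_listen_inline continues outside the hunk, so confirm that a missing listener is handled before `lc0` is used.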