summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2018-12-12 14:34:38 -0800
committerDave Barach <openvpp@barachs.net>2018-12-13 13:40:45 +0000
commit4850e3e73c61830516ac9ccb22976be685bea3b5 (patch)
tree848afd0b0611954bc1941c7bd8fd4dc158a71722
parent42ceddb7cd836a89a12b0b8e623b06bc4c0cc0cb (diff)
tcp: validate seq for handshake ack
Change-Id: Ifc0584d781efc30904069ea17c0afbb68c49c442 Signed-off-by: Florin Coras <fcoras@cisco.com>
-rw-r--r--src/vcl/vcl_bapi.c1
-rw-r--r--src/vnet/tcp/tcp_input.c8
2 files changed, 9 insertions, 0 deletions
diff --git a/src/vcl/vcl_bapi.c b/src/vcl/vcl_bapi.c
index 457fc18b1c2..b513bd7a6b3 100644
--- a/src/vcl/vcl_bapi.c
+++ b/src/vcl/vcl_bapi.c
@@ -98,6 +98,7 @@ vcl_segment_detach (u64 segment_handle)
segment = svm_fifo_segment_get_segment (sm, segment_index);
svm_fifo_segment_delete (sm, segment);
vcl_segment_table_del (segment_handle);
+ VDBG (0, "detached segment %u handle %u", segment_index, segment_handle);
}
static u64
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index f04fa5d8901..395943739e8 100644
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2724,6 +2724,14 @@ tcp46_rcv_process_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
goto drop;
}
+ /* Make sure the ack is exactly right */
+ if (tc0->rcv_nxt != vnet_buffer (b0)->tcp.seq_number)
+ {
+ error0 = TCP_ERROR_SEGMENT_INVALID;
+ tcp_send_reset_w_pkt (tc0, b0, is_ip4);
+ goto drop;
+ }
+
/* Update rtt and rto */
tcp_estimate_initial_rtt (tc0);