diff options
author | Florin Coras <fcoras@cisco.com> | 2019-04-02 21:43:38 -0700 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2019-04-04 14:40:16 +0000 |
commit | 282a3cb7265346e1299c9401b35730b80f4b506b (patch) | |
tree | ed50249efa6581ada769da7749a5032a93aace99 /src/vnet/tcp | |
parent | 7c22ff72aa54d15484fdc70e0c1b8a9ec5e880e0 (diff) |
tcp: properly validate acks between snd_nxt and una_max
Change-Id: I37af3cb5fe3fe8556acbf8350f88663dca9ca8a9
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/tcp')
-rw-r--r-- | src/vnet/tcp/tcp_input.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c index 49270314924..e0139a47e0c 100644 --- a/src/vnet/tcp/tcp_input.c +++ b/src/vnet/tcp/tcp_input.c @@ -411,7 +411,8 @@ tcp_rcv_ack_no_cc (tcp_connection_t * tc, vlib_buffer_t * b, u32 * error) if (!(seq_leq (tc->snd_una, vnet_buffer (b)->tcp.ack_number) && seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_nxt))) { - if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max)) + if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max) + && seq_gt (vnet_buffer (b)->tcp.ack_number, tc->snd_una)) { tc->snd_nxt = vnet_buffer (b)->tcp.ack_number; goto acceptable; @@ -1580,7 +1581,8 @@ tcp_rcv_ack (tcp_worker_ctx_t * wrk, tcp_connection_t * tc, vlib_buffer_t * b, { /* We've probably entered recovery and the peer still has some * of the data we've sent. Update snd_nxt and accept the ack */ - if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max)) + if (seq_leq (vnet_buffer (b)->tcp.ack_number, tc->snd_una_max) + && seq_gt (vnet_buffer (b)->tcp.ack_number, tc->snd_una)) { tc->snd_nxt = vnet_buffer (b)->tcp.ack_number; goto process_ack; |