diff options
| author |   Florin Coras <fcoras@cisco.com> | 2019-06-28 09:18:48 -0700 |
|---|---|---|
| committer |   Florin Coras <florin.coras@gmail.com> | 2019-07-02 14:28:54 +0000 |
| commit | 8851934da46cc9175d2069c49ef873304be45022 (patch) | |
| tree | 6c68ab9c860e3a1876413dec90267e2de016202b /src | |
| parent | 5d265456febf328b51e0df4205859099c20da895 (diff) | |
tcp: reject out-of-order fins
Type:fix
Change-Id: Iab2c308739f7733dbf70953e0ea87dcc404c60da
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit f73d4c2084c9cb6df4a1f8582acef523e4ba0cb2)
Diffstat (limited to 'src')
| -rw-r--r-- | src/vnet/tcp/tcp_input.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c index ca8f2a53f31..b6d7a2b2bfb 100644 --- a/src/vnet/tcp/tcp_input.c +++ b/src/vnet/tcp/tcp_input.c @@ -1692,6 +1692,10 @@ static void tcp_rcv_fin (tcp_worker_ctx_t * wrk, tcp_connection_t * tc, vlib_buffer_t * b, u32 * error) { + /* Reject out-of-order fins */ + if (vnet_buffer (b)->tcp.seq_end != tc->rcv_nxt) + return; + /* Account for the FIN and send ack */ tc->rcv_nxt += 1; tcp_program_ack (wrk, tc); |