From 8851934da46cc9175d2069c49ef873304be45022 Mon Sep 17 00:00:00 2001
From: Florin Coras <fcoras@cisco.com>
Date: Fri, 28 Jun 2019 09:18:48 -0700
Subject: tcp: reject out-of-order fins

Type:fix

Change-Id: Iab2c308739f7733dbf70953e0ea87dcc404c60da
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit f73d4c2084c9cb6df4a1f8582acef523e4ba0cb2)
---
 src/vnet/tcp/tcp_input.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index ca8f2a53f31..b6d7a2b2bfb 100644
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -1692,6 +1692,10 @@ static void
 tcp_rcv_fin (tcp_worker_ctx_t * wrk, tcp_connection_t * tc, vlib_buffer_t * b,
 	     u32 * error)
 {
+  /* Reject out-of-order fins */
+  if (vnet_buffer (b)->tcp.seq_end != tc->rcv_nxt)
+    return;
+
   /* Account for the FIN and send ack */
   tc->rcv_nxt += 1;
   tcp_program_ack (wrk, tc);
-- 
cgit 1.2.3-korg