From 701311364b8846f25df5ec0d37abd8293b3f9f5e Mon Sep 17 00:00:00 2001
From: Florin Coras <fcoras@cisco.com>
Date: Mon, 27 Nov 2017 02:43:30 -0800
Subject: tcp: fix proxy connection validation

Change-Id: Icb0274cd3bcabfab8bdff6dec7440a3a15edfbf1
Signed-off-by: Florin Coras <fcoras@cisco.com>
---
 src/vnet/tcp/tcp_input.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/vnet')

diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index d3db7ef1eec..614b94a4b06 100644
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -1870,6 +1870,10 @@ tcp_lookup_is_valid (tcp_connection_t * tc, tcp_header_t * hdr)
   if (!tc)
     return 1;
 
+  /* Proxy case */
+  if (tc->c_lcl_port == 0 && tc->state == TCP_STATE_LISTEN)
+    return 1;
+
   u8 is_valid = (tc->c_lcl_port == hdr->dst_port
 		 && (tc->state == TCP_STATE_LISTEN
 		     || tc->c_rmt_port == hdr->src_port));
-- 
cgit 1.2.3-korg