tcp: validate connection state in retransmit

[vpp.git] / src / vnet / tcp / tcp_output.c

diff --git a/src/vnet/tcp/tcp_output.c b/src/vnet/tcp/tcp_output.c
index 619dce1..0cf7fa9 100644 (file)
--- a/src/vnet/tcp/tcp_output.c
+++ b/src/vnet/tcp/tcp_output.c
@@ -1515,7 +1515,7 @@ tcp_timer_retransmit_handler_i (u32 index, u8 is_syn)
     {
       tc = tcp_half_open_connection_get (index);
       /* Note: the connection may have transitioned to ESTABLISHED... */
-      if (PREDICT_FALSE (tc == 0))
+      if (PREDICT_FALSE (tc == 0 || tc->state != TCP_STATE_SYN_SENT))
        return;
       tc->timers[TCP_TIMER_RETRANSMIT_SYN] = TCP_TIMER_HANDLE_INVALID;
     }
@@ -1523,7 +1523,7 @@ tcp_timer_retransmit_handler_i (u32 index, u8 is_syn)
     {
       tc = tcp_connection_get (index, thread_index);
       /* Note: the connection may have been closed and pool_put */
-      if (PREDICT_FALSE (tc == 0))
+      if (PREDICT_FALSE (tc == 0 || tc->state < TCP_STATE_SYN_RCVD))
        return;
       tc->timers[TCP_TIMER_RETRANSMIT] = TCP_TIMER_HANDLE_INVALID;
     }
@@ -2214,6 +2214,7 @@ VLIB_REGISTER_NODE (tcp4_output_node) =
   /* Takes a vector of packets. */
   .vector_size = sizeof (u32),
   .n_errors = TCP_N_ERROR,
+  .protocol_hint = VLIB_NODE_PROTO_HINT_TCP,
   .error_strings = tcp_error_strings,
   .n_next_nodes = TCP_OUTPUT_N_NEXT,
   .next_nodes = {
@@ -2236,6 +2237,7 @@ VLIB_REGISTER_NODE (tcp6_output_node) =
     /* Takes a vector of packets. */
   .vector_size = sizeof (u32),
   .n_errors = TCP_N_ERROR,
+  .protocol_hint = VLIB_NODE_PROTO_HINT_TCP,
   .error_strings = tcp_error_strings,
   .n_next_nodes = TCP_OUTPUT_N_NEXT,
   .next_nodes = {