tcp: reject out-of-order fins

Type:fix

Change-Id: Iab2c308739f7733dbf70953e0ea87dcc404c60da
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit f73d4c2084c9cb6df4a1f8582acef523e4ba0cb2)

diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index ca8f2a5..b6d7a2b 100644 (file)
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -1692,6 +1692,10 @@ static void
 tcp_rcv_fin (tcp_worker_ctx_t * wrk, tcp_connection_t * tc, vlib_buffer_t * b,
             u32 * error)
 {
+  /* Reject out-of-order fins */
+  if (vnet_buffer (b)->tcp.seq_end != tc->rcv_nxt)
+    return;
+
   /* Account for the FIN and send ack */
   tc->rcv_nxt += 1;
   tcp_program_ack (wrk, tc);