tcp: validate seq for handshake ack

author Florin Coras <fcoras@cisco.com>

Wed, 12 Dec 2018 22:34:38 +0000 (14:34 -0800)

committer Dave Barach <openvpp@barachs.net>

Thu, 13 Dec 2018 13:40:45 +0000 (13:40 +0000)
author Florin Coras <fcoras@cisco.com>
Wed, 12 Dec 2018 22:34:38 +0000 (14:34 -0800)
committer Dave Barach <openvpp@barachs.net>
Thu, 13 Dec 2018 13:40:45 +0000 (13:40 +0000)
diff --git a/src/vcl/vcl_bapi.c b/src/vcl/vcl_bapi.c

index 457fc18..b513bd7 100644 (file)
--- a/src/vcl/vcl_bapi.c
+++ b/src/vcl/vcl_bapi.c
@@ -98,6 +98,7 @@ vcl_segment_detach (u64 segment_handle)
    segment = svm_fifo_segment_get_segment (sm, segment_index);
    svm_fifo_segment_delete (sm, segment);
    vcl_segment_table_del (segment_handle);
+  VDBG (0, "detached segment %u handle %u", segment_index, segment_handle);
  }
  
  static u64
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c

index f04fa5d..3959437 100644 (file)
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2724,6 +2724,14 @@ tcp46_rcv_process_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
               goto drop;
             }
  
+         /* Make sure the ack is exactly right */
+         if (tc0->rcv_nxt != vnet_buffer (b0)->tcp.seq_number)
+           {
+             error0 = TCP_ERROR_SEGMENT_INVALID;
+             tcp_send_reset_w_pkt (tc0, b0, is_ip4);
+             goto drop;
+           }
+
           /* Update rtt and rto */
           tcp_estimate_initial_rtt (tc0);
author	Florin Coras <fcoras@cisco.com>
	Wed, 12 Dec 2018 22:34:38 +0000 (14:34 -0800)
committer	Dave Barach <openvpp@barachs.net>
	Thu, 13 Dec 2018 13:40:45 +0000 (13:40 +0000)
src/vcl/vcl_bapi.c		patch \| blob \| history
src/vnet/tcp/tcp_input.c		patch \| blob \| history