tcp: fix proxy connection validation

author Florin Coras <fcoras@cisco.com>

Mon, 27 Nov 2017 10:43:30 +0000 (02:43 -0800)

committer Dave Wallace <dwallacelf@gmail.com>

Mon, 27 Nov 2017 15:25:52 +0000 (15:25 +0000)
author Florin Coras <fcoras@cisco.com>
Mon, 27 Nov 2017 10:43:30 +0000 (02:43 -0800)
committer Dave Wallace <dwallacelf@gmail.com>
Mon, 27 Nov 2017 15:25:52 +0000 (15:25 +0000)
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c

index d3db7ef..614b94a 100644 (file)
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -1870,6 +1870,10 @@ tcp_lookup_is_valid (tcp_connection_t * tc, tcp_header_t * hdr)
    if (!tc)
      return 1;
  
+  /* Proxy case */
+  if (tc->c_lcl_port == 0 && tc->state == TCP_STATE_LISTEN)
+    return 1;
+
    u8 is_valid = (tc->c_lcl_port == hdr->dst_port
                  && (tc->state == TCP_STATE_LISTEN
                      || tc->c_rmt_port == hdr->src_port));
author	Florin Coras <fcoras@cisco.com>
	Mon, 27 Nov 2017 10:43:30 +0000 (02:43 -0800)
committer	Dave Wallace <dwallacelf@gmail.com>
	Mon, 27 Nov 2017 15:25:52 +0000 (15:25 +0000)