Send a TCP RST in response to a TCP SYN-ACK on a listening endpoint

This change better follows what is outlined in RFC 793 section 3.4 figure 12 where a listening socket should not accept a SYN-ACK segment in response to a (potentially) old SYN segment. Tests: Test that checks the TCP RST segment sent in response to a TCP SYN-ACK segment received on a listening TCP endpoint. PiperOrigin-RevId: 278893114
author: Ghanan Gowripalan <ghanan@google.com> 2019-11-06 10:42:00 -0800
committer: gVisor bot <gvisor-bot@google.com> 2019-11-06 10:44:20 -0800
commit: d0d89ceeddd21f1f22e818d78dc3b07d3669dbb5 (patch)
tree: 86cd1ee8da9365b358ff5e8a5392dcbadcf3544d /pkg/tcpip/transport/tcp/segment.go
parent: a824b48ceac4e2e3bacd23d63e72881c76d669c8 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/pkg/tcpip/transport/tcp/segment.go b/pkg/tcpip/transport/tcp/segment.go
index ea725d513..c4a89525e 100644
--- a/pkg/tcpip/transport/tcp/segment.go
+++ b/pkg/tcpip/transport/tcp/segment.go
@@ -99,8 +99,14 @@ func (s *segment) clone() *segment {
 	return t
 }
 
-func (s *segment) flagIsSet(flag uint8) bool {
-	return (s.flags & flag) != 0
+// flagIsSet checks if at least one flag in flags is set in s.flags.
+func (s *segment) flagIsSet(flags uint8) bool {
+	return s.flags&flags != 0
+}
+
+// flagsAreSet checks if all flags in flags are set in s.flags.
+func (s *segment) flagsAreSet(flags uint8) bool {
+	return s.flags&flags == flags
 }
 
 func (s *segment) decRef() {
author	Ghanan Gowripalan <ghanan@google.com>	2019-11-06 10:42:00 -0800
committer	gVisor bot <gvisor-bot@google.com>	2019-11-06 10:44:20 -0800
commit	d0d89ceeddd21f1f22e818d78dc3b07d3669dbb5 (patch)
tree	86cd1ee8da9365b358ff5e8a5392dcbadcf3544d /pkg/tcpip/transport/tcp/segment.go
parent	a824b48ceac4e2e3bacd23d63e72881c76d669c8 (diff)