diff options
author | gVisor bot <gvisor-bot@google.com> | 2019-11-23 01:00:25 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-11-23 01:00:25 +0000 |
commit | 9ee0687661824f0b1cc6f5b8d86ede59a755b3a2 (patch) | |
tree | 0a0e4466cc21b576694cbd5fc72acef7883dfdab /pkg/tcpip/transport/tcp | |
parent | a9af31835128704f3ed7f411af069784db81e3d6 (diff) | |
parent | b0a1bbd3e248888cf6c9e6fa73df5d2c22490f85 (diff) |
Merge release-20191114.0-25-gb0a1bbd (automated)
Diffstat (limited to 'pkg/tcpip/transport/tcp')
-rw-r--r-- | pkg/tcpip/transport/tcp/connect.go | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/tcpip/transport/tcp/connect.go b/pkg/tcpip/transport/tcp/connect.go index 00c0c9a92..f14f0ca65 100644 --- a/pkg/tcpip/transport/tcp/connect.go +++ b/pkg/tcpip/transport/tcp/connect.go @@ -299,6 +299,15 @@ func (h *handshake) synRcvdState(s *segment) *tcpip.Error { return nil } + // RFC 793, Section 3.9, page 69, states that in the SYN-RCVD state, a + // sequence number outside of the window causes an ACK with the proper seq + // number and "After sending the acknowledgment, drop the unacceptable + // segment and return." + if !s.sequenceNumber.InWindow(h.ackNum, h.rcvWnd) { + h.ep.sendRaw(buffer.VectorisedView{}, header.TCPFlagAck, h.iss+1, h.ackNum, h.rcvWnd) + return nil + } + if s.flagIsSet(header.TCPFlagSyn) && s.sequenceNumber != h.ackNum-1 { // We received two SYN segments with different sequence // numbers, so we reset this and restart the whole |