From bf580cf64dbea1c70a3269914fad6490f7a4968d Mon Sep 17 00:00:00 2001
From: Zhaozhong Ni <nzz@google.com>
Date: Tue, 10 Jul 2018 13:53:39 -0700
Subject: netstack: only do connected TCP S/R for loopback connections.

PiperOrigin-RevId: 204006237
Change-Id: Ica8402ab54d9dd7d11cc41c6d74aacef51d140b7
---
 pkg/tcpip/transport/tcp/endpoint_state.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'pkg/tcpip/transport/tcp')

diff --git a/pkg/tcpip/transport/tcp/endpoint_state.go b/pkg/tcpip/transport/tcp/endpoint_state.go
index 43765d425..ad20407fa 100644
--- a/pkg/tcpip/transport/tcp/endpoint_state.go
+++ b/pkg/tcpip/transport/tcp/endpoint_state.go
@@ -50,11 +50,16 @@ func (e *endpoint) beforeSave() {
 
 	switch e.state {
 	case stateInitial, stateBound:
-	case stateListen, stateConnecting, stateConnected:
-		if e.state == stateConnected && !e.workerRunning {
+	case stateConnected:
+		if e.route.Capabilities()&stack.CapabilitySaveRestore == 0 {
+			panic(tcpip.ErrSaveRejection{fmt.Errorf("endpoint cannot be saved in connected state: local %v:%d, remote %v:%d", e.id.LocalAddress, e.id.LocalPort, e.id.RemoteAddress, e.id.RemotePort)})
+		}
+		if !e.workerRunning {
 			// The endpoint must be in acceptedChan.
 			break
 		}
+		fallthrough
+	case stateListen, stateConnecting:
 		e.drainSegmentLocked()
 		if e.state != stateClosed && e.state != stateError {
 			if !e.workerRunning {
-- 
cgit v1.2.3