From 257ab8de93312295d475638498c57e4de77a4b02 Mon Sep 17 00:00:00 2001
From: Brian Geffon <bgeffon@google.com>
Date: Tue, 22 May 2018 15:51:55 -0700
Subject: When sending a RST the acceptable ACK window shouldn't change.

Today when we transmit a RST it's happening during the time-wait
flow. Because a FIN is allowed to advance the acceptable ACK window
we're incorrectly doing that for a RST.

PiperOrigin-RevId: 197637565
Change-Id: I080190b06bd0225326cd68c1fbf37bd3fdbd414e
---
 pkg/tcpip/transport/tcp/snd.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'pkg/tcpip')

diff --git a/pkg/tcpip/transport/tcp/snd.go b/pkg/tcpip/transport/tcp/snd.go
index 6c363a929..95bea4d88 100644
--- a/pkg/tcpip/transport/tcp/snd.go
+++ b/pkg/tcpip/transport/tcp/snd.go
@@ -342,15 +342,17 @@ func (s *sender) sendData() {
 			s.ep.mu.Lock()
 			// We're sending a FIN by default
 			fl := flagFin
+			segEnd = seg.sequenceNumber
 			if (s.ep.shutdownFlags&tcpip.ShutdownRead) != 0 && rcvBufUsed > 0 {
 				// If there is unread data we must send a RST.
 				// For more information see RFC 2525 section 2.17.
 				fl = flagRst
+			} else {
+				segEnd = seg.sequenceNumber.Add(1)
 			}
+
 			s.ep.mu.Unlock()
 			seg.flags |= uint8(fl)
-
-			segEnd = seg.sequenceNumber.Add(1)
 		} else {
 			// We're sending a non-FIN segment.
 			if !seg.sequenceNumber.LessThan(end) {
-- 
cgit v1.2.3