author | David Gibson <david@gibson.dropbear.id.au> | 2023-09-08 11:49:49 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-09-08 09:16:10 +0200 |
commit | 5fb376de6ef29e2f21b510aec7cfefeba955e26c (patch) | |
tree | d8ca2faa58c8264b06f72fc765e15f9365eb8d8d | |
parent | 805dd109a4aaf851d7293d25bad259493836ce5a (diff) | |
tcp: Never hash match closed connections
From a practical point of view, when a TCP connection ends, whether by
FIN or by RST, we set the CLOSED event, then some time later we remove the
connection from the hash table and clean it up. However, from a protocol
point of view, once it's closed, it's gone, and any new packets with
matching addresses and ports are either forming a new connection, or are
invalid packets to discard.
Enforce these semantics in the TCP hash logic by never hash matching closed
connections.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | tcp.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1146,7 +1146,7 @@ static int tcp_hash_match(const struct tcp_tap_conn *conn, const union inany_addr *faddr, in_port_t eport, in_port_t fport) { - if (inany_equals(&conn->faddr, faddr) && + if (conn->events != CLOSED && inany_equals(&conn->faddr, faddr) && conn->eport == eport && conn->fport == fport) return 1; |
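Review bot: The added conn->events != CLOSED test in tcp_hash_match() makes a closed connection unmatchable while it is still in the hash table, and the commit message says removal from the table only happens "some time later", so please confirm that the removal and cleanup path finds the entry by some means other than tcp_hash_match(); if it does use this function, closed entries would never be found and would stay in their bucket. The test is also an equality comparison on the whole events field, which is only correct if CLOSED is the value of the field when no other event bits remain set; a short comment on the condition, or in the function's doc comment, stating that closed connections never match and why equality is the right test would make that explicit for later readers.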