author: David Gibson <david@gibson.dropbear.id.au> 2023-09-08 11:49:49 +1000
committer: Stefano Brivio <sbrivio@redhat.com> 2023-09-08 09:16:10 +0200
commit: 5fb376de6ef29e2f21b510aec7cfefeba955e26c
tree: d8ca2faa58c8264b06f72fc765e15f9365eb8d8d
parent: 805dd109a4aaf851d7293d25bad259493836ce5a
tcp: Never hash match closed connections

From a practical point of view, when a TCP connection ends, whether by FIN or by RST, we set the CLOSED event, then some time later we remove the connection from the hash table and clean it up.

However, from a protocol point of view, once it's closed, it's gone, and any new packets with matching addresses and ports are either forming a new connection, or are invalid packets to discard. Enforce these semantics in the TCP hash logic by never hash matching closed connections.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

-rw-r--r-- tcp.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/tcp.c b/tcp.c
index 6a34f82..5592998 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1146,7 +1146,7 @@ static int tcp_hash_match(const struct tcp_tap_conn *conn,
const union inany_addr *faddr,
in_port_t eport, in_port_t fport)
{
- if (inany_equals(&conn->faddr, faddr) &&
+ if (conn->events != CLOSED && inany_equals(&conn->faddr, faddr) &&
conn->eport == eport && conn->fport == fport)
return 1;
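
Review bot: The `conn->events != CLOSED` test added to the `if` in tcp_hash_match() compares the whole events field for inequality, so it only excludes a connection whose events value is exactly CLOSED; if any other event bit can remain set alongside it, the entry would still match. A one-line comment above the condition stating that CLOSED is the sole value of events once a connection has ended would make that assumption explicit. Since the commit message notes that closed connections stay in the hash table until later cleanup, it is also worth confirming that the removal path does not find its entry through tcp_hash_match(), because such a lookup would now never succeed for a closed connection.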