From 45835a60fd09e083cdd39058ab30ca3d5a6bac47 Mon Sep 17 00:00:00 2001 From: Zeling Feng Date: Wed, 23 Feb 2022 00:41:50 -0800 Subject: [PATCH] Fix the RST response to unacceptable ACK in SYN-RCVD Fixes #7199. PiperOrigin-RevId: 430388697 --- pkg/tcpip/transport/tcp/connect.go | 11 +++++------ test/packetimpact/runner/defs.bzl | 1 - 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/pkg/tcpip/transport/tcp/connect.go b/pkg/tcpip/transport/tcp/connect.go index 06f56367b..4a93bb805 100644 --- a/pkg/tcpip/transport/tcp/connect.go +++ b/pkg/tcpip/transport/tcp/connect.go @@ -214,12 +214,11 @@ func (h *handshake) resetToSynRcvd(iss seqnum.Value, irs seqnum.Value, opts head // response. func (h *handshake) checkAck(s *segment) bool { if s.flags.Contains(header.TCPFlagAck) && s.ackNumber != h.iss+1 { - // RFC 793, page 36, states that a reset must be generated when - // the connection is in any non-synchronized state and an - // incoming segment acknowledges something not yet sent. The - // connection remains in the same state. - ack := s.sequenceNumber.Add(s.logicalLen()) - h.ep.sendRaw(buffer.VectorisedView{}, header.TCPFlagRst|header.TCPFlagAck, s.ackNumber, ack, 0) + // RFC 793, page 72 (https://datatracker.ietf.org/doc/html/rfc793#page-72): + // If the segment acknowledgment is not acceptable, form a reset segment, + // + // and send it. + h.ep.sendRaw(buffer.VectorisedView{}, header.TCPFlagRst, s.ackNumber, 0, 0) return false } diff --git a/test/packetimpact/runner/defs.bzl b/test/packetimpact/runner/defs.bzl index 700f51c4c..20595a2cb 100644 --- a/test/packetimpact/runner/defs.bzl +++ b/test/packetimpact/runner/defs.bzl @@ -309,7 +309,6 @@ ALL_TESTS = [ ), PacketimpactTestInfo( name = "tcp_acceptable_ack_syn_rcvd", - expect_netstack_failure = True, ), ]