From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
CC: jlesev@gmail.com, David Gibson
Subject: [PATCH 4/8] tcp: Never hash match closed connections
Date: Fri, 8 Sep 2023 11:49:49 +1000
Message-ID: <20230908014953.822952-5-david@gibson.dropbear.id.au>
In-Reply-To: <20230908014953.822952-1-david@gibson.dropbear.id.au>
References: <20230908014953.822952-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

From a practical point of view, when a TCP connection ends, whether by FIN or by RST, we set the CLOSED event, then some time later we remove the connection from the hash table and clean it up. However, from a protocol point of view, once it's closed, it's gone, and any new packets with matching addresses and ports are either forming a new connection, or are invalid packets to discard.

Enforce these semantics in the TCP hash logic by never hash matching closed connections.

Signed-off-by: David Gibson
--- tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tcp.c b/tcp.c index 6a34f82..5592998 100644 --- a/tcp.c +++ b/tcp.c 
@@ -1146,7 +1146,7 @@ static int tcp_hash_match(const struct tcp_tap_conn *conn, const union inany_addr *faddr, in_port_t eport, in_port_t fport) { - if (inany_equals(&conn->faddr, faddr) && + if (conn->events != CLOSED && inany_equals(&conn->faddr, faddr) && conn->eport == eport && conn->fport == fport) return 1; -- 2.41.0
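Review bot: The new `conn->events != CLOSED` test at the start of the condition in tcp_hash_match() changes the result for every caller, and the commit message says a closed connection stays in the hash table until it is cleaned up "some time later". Please confirm that the removal path does not find its entry through tcp_hash_match(), because after this change a closed connection no longer matches and could be left behind in its bucket. A short comment above the condition stating that closed entries are deliberately skipped while they await cleanup would help future readers. The comparison also deserves a second look: the message describes CLOSED as an event that gets set, so if `events` holds a set of flags, `!=` is only correct when CLOSED denotes the whole-field value rather than a single bit.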