From 0e233601c91f8c8797e5501ed51ded91502d58c9 Mon Sep 17 00:00:00 2001
From: Pierre LALET <pierre.lalet@cea.fr>
Date: Tue, 7 Mar 2017 21:12:36 +0100
Subject: [PATCH] Accept TCP RST packets with .ack == 0 as answers

Without this code, when an out of connection TCP packet receives a
TCP answer with flag RST and the ack set to 0, it is not seen as an
answer.

This comes without regression tests because I have been unable to
find a reliable machine without firewall on the Internet.

Simple test, if 192.168.0.1 has no firewall:

>>> sr(IP(dst="192.168.0.1")/TCP(sport=80, dport=12345, flags='SA'),
...    timeout=2)

This test will not terminate without this patch.
---
 scapy/layers/inet.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py
index 7d07e67d..b1c04232 100644
--- a/scapy/layers/inet.py
+++ b/scapy/layers/inet.py
@@ -525,7 +525,12 @@ class TCP(Packet):
             if not ((self.sport == other.dport) and
                     (self.dport == other.sport)):
                 return 0
-        if (abs(other.seq-self.ack) > 2+len(other.payload)):
+        if abs(other.ack - self.seq) > 2:
+            return 0
+        # Do not check ack value for RST packets when ack is 0
+        if self.flags.R and not self.ack:
+            return 1
+        if abs(other.seq - self.ack) > 2 + len(other.payload):
             return 0
         return 1
     def mysummary(self):
-- 
GitLab