From a75f7d4bf027ac7325b6c650c488b6d5101c4a84 Mon Sep 17 00:00:00 2001
From: whitequark <pz@m-labs.hk>
Date: Tue, 17 Jan 2017 00:24:47 +0000
Subject: [PATCH] Reject all TCP packets in the CLOSED state.

---
 src/socket/tcp.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/socket/tcp.rs b/src/socket/tcp.rs
index 7b576fb..e563477 100644
--- a/src/socket/tcp.rs
+++ b/src/socket/tcp.rs
@@ -542,6 +542,8 @@ impl<'a> TcpSocket<'a> {
     /// See [Socket::process](enum.Socket.html#method.process).
     pub fn process(&mut self, _timestamp: u64, ip_repr: &IpRepr,
                    payload: &[u8]) -> Result<(), Error> {
+        if self.state == State::Closed { return Err(Error::Rejected) }
+
         if ip_repr.protocol() != IpProtocol::Tcp { return Err(Error::Rejected) }
 
         let packet = try!(TcpPacket::new(&payload[..ip_repr.payload_len()]));
@@ -1122,6 +1124,18 @@ mod test {
         }, Err(Error::Rejected));
     }
 
+    #[test]
+    fn test_closed_reject_after_listen() {
+        let mut s = socket();
+        s.listen(LOCAL_END).unwrap();
+        s.close();
+
+        send!(s, TcpRepr {
+            control: TcpControl::Syn,
+            ..SEND_TEMPL
+        }, Err(Error::Rejected));
+    }
+
     #[test]
     fn test_closed_close() {
         let mut s = socket();