[tcp] Do not send RST for unrecognised connections

On large networks with substantial numbers of monitoring agents,
unwanted TCP connection attempts may end up flooding iPXE's ARP cache.

Fix by silently dropping packets received for unrecognised TCP
connections.  This should not cause problems, since many firewalls
will also silently drop any such packets.

Reported-by: Jarrod Johnson <jarrod.b.johnson@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/net/tcp.c b/src/net/tcp.c
index 938edd577ddcfe9bf8c9af98924c99478f3bf3cd..8432d559d1a6fda03de0bf3cabda12b957d5b062 100644 (file)
--- a/src/net/tcp.c
+++ b/src/net/tcp.c
@@ -1218,7 +1218,6 @@ static int tcp_rx ( struct io_buffer *iobuf,
 
        /* If no connection was found, send RST */
        if ( ! tcp ) {
-               tcp_xmit_reset ( tcp, st_src, tcphdr );
                rc = -ENOTCONN;
                goto discard;
        }