Re-ack sessions when duplicate SYN packets are received

Author: pimterry

app/src/main/java/tech/httptoolkit/android/vpn/SessionHandler.java

@@ -306,6 +306,20 @@ private void sendAck(IPv4Header ipheader, TCPHeader tcpheader, int acceptedDataL
 		writer.write(data);
 	}
 
+	/**
+	 * resend the last acknowledgment packet to VPN client, e.g. when an unexpected out of order
+	 * packet arrives.
+	 * @param session Session
+	 */
+	private void resendAck(Session session){
+		byte[] data = TCPPacketFactory.createResponseAckData(
+				session.getLastIpHeader(),
+				session.getLastTcpHeader(),
+				session.getRecSequence()
+		);
+		writer.write(data);
+	}
+
 	private void sendAckForDisorder(IPv4Header ipHeader, TCPHeader tcpheader, int acceptedDataLength) {
 		long ackNumber = tcpheader.getSequenceNumber() + acceptedDataLength;
 		Log.d(TAG,"sent disorder ack, ack# " + tcpheader.getSequenceNumber() +
@@ -378,6 +392,14 @@ private void replySynAck(IPv4Header ip, TCPHeader tcp) throws IOException {
 			ip.getSourceIP(), tcp.getSourcePort()
 		);
 
+		if (session.getLastIpHeader() != null) {
+			// We have an existing session for this connection! We've somehow received a SYN
+			// for an existing socket (or some kind of other race). We resend the last ACK
+			// for this session, rejecting this SYN. Not clear why this happens, but it can.
+			resendAck(session);
+			return;
+		}
+
 		synchronized (session) {
 			session.setMaxSegmentSize(tcpheader.getMaxSegmentSize());
 			session.setSendUnack(tcpheader.getSequenceNumber());

app/src/main/java/tech/httptoolkit/android/vpn/SessionManager.java

@@ -126,11 +126,10 @@ public void closeSession(@NonNull Session session){
 	public Session createNewUDPSession(int ip, int port, int srcIp, int srcPort) throws IOException {
 		String keys = Session.getSessionKey(ip, port, srcIp, srcPort);
 
-		if (table.containsKey(keys)) {
-			// For TCP, we freak out if you try to create an already existing session.
-			// With UDP though, it's totally fine:
-			return table.get(keys);
-		}
+		// For TCP, we freak out if you try to create an already existing session.
+		// With UDP though, it's totally fine:
+		Session existingSession = table.get(keys);
+		if (existingSession != null) return existingSession;
 
 		Session session = new Session(srcIp, srcPort, ip, port, this);
 
@@ -162,12 +161,13 @@ public Session createNewUDPSession(int ip, int port, int srcIp, int srcPort) thr
 	@NotNull
 	public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) throws IOException {
 		String key = Session.getSessionKey(ip, port, srcIp, srcPort);
-		if (table.containsKey(key)) {
-			// This can happen if we receive two SYN packets somehow. That shouldn't happen, especially
-			// given that our connection is local & should be 100% reliable, but it does. We probably
-			// should RST, for now we just throw here (and so drop the packet entirely).
-			throw new IllegalArgumentException("Can't create duplicate session");
-		}
+
+		Session existingSession = table.get(key);
+
+		// This can happen if we receive two SYN packets somehow. That shouldn't happen,
+		// given that our connection is local & should be 100% reliable, but it can.
+		// We return the initialized session, which will be reacked to indicate rejection.
+		if (existingSession != null) return existingSession;
 
 		Session session = new Session(srcIp, srcPort, ip, port, this);