From nobody Sat Aug 03 22:16:34 2024
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wbxr26kF9z5RR64;
	Sat, 03 Aug 2024 22:16:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Wbxr2664yz4D7h;
	Sat,  3 Aug 2024 22:16:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1722723394;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=NKNLAeGZryRYaFN9kFH/4BI3Xa7o8fd/WXn7W2wq4Pw=;
	b=qgXtmiYzMWLLFkz62LTjx5xWYKYZ5wE/suEdquFjOoWNA6F2xLoZsas9RRgLJASIQqjmkh
	Zd7WZhS1liJspDJWYNK1kiadG9s4SfNfHKrmbSHuFkifO2+AyLE1bHCPrmHWfoGNrI35S9
	mSdMWPO+mzVteSog5B/zPcP0eQo+pWOUktupMCT1QZd7UvfsPfCXtfiUuxluLgpDu5XCY4
	pHZBhze1hMwWXARJOhpTNj2jfLLXg4IWtEpvvgW6UnazgAsb9bsoRNSMKHRkLzH1PI9Kov
	ZAf9ME5QiPCUl6jiNW8brkB1tHiOHZzDLMQ+hjYg1JFASEXAEIj3UBz8BrHWQg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1722723394; a=rsa-sha256; cv=none;
	b=T55q5LQpkIh63DqLcQYkrLKmDceZFkchuUprVj+tZnavmH7oM0BakRG0mY8dZEUPQhrn+2
	/Ss//8kTzjxcfy58z7OvsCWbgIZsdbffTJOYWYaxaI1tYCJ0gs5RUTwEGYG72R1RWaL8x4
	5GL3w9plDC7KLVkjvUxRUAExg3XkpgwIQu4AZshYPyRQX+H3iejjs7GXS4cuIcqUy6JM5R
	6x9alSTg9d5606EFDMMBG2yXxfYObQD+peMAU+SBsUhEp9HepoHYODT1OMiV1Fxfq2yTFm
	Q6HbbYEowFCae+/LDvlO2GMJ0BUwmQZfiLGCq8+SywqCUjay8S7fBRkPW98KCw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1722723394;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=NKNLAeGZryRYaFN9kFH/4BI3Xa7o8fd/WXn7W2wq4Pw=;
	b=km2L5ppzrbbzLH22uWLWsmULMN+4ZVM33/mwlB72E3BXgYJiHn0kK8MepMtBjgFOR9tIsQ
	TBu2TwVLtMxQImrzrZEdZcTBCPHsErQnTrpKGGd8z9CY2ZDupm5yQ54ZyKF3ybmcL2De8C
	bw/J3XgMO21snyPOvoqfPZ1XeM2CwbObNc72nbjpnHMPUFGLzOKZuUPjHDeZupI00sB0Vg
	L/Y+xZ/MTb7W4C6tbQU59103B90eSyQrDK+NNDFJ5oEfBkQ9l2kY9HLt6Z8xHYl4ANx5Ia
	kldnLir8PrUql/ezcfvyugmyhiyUJWtXnwDkDsJnjdRAf9eelMTrkqwvWf5bOw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wbxr25hX5zV7L;
	Sat,  3 Aug 2024 22:16:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 473MGYeV008387;
	Sat, 3 Aug 2024 22:16:34 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 473MGYbW008384;
	Sat, 3 Aug 2024 22:16:34 GMT
	(envelope-from git)
Date: Sat, 3 Aug 2024 22:16:34 GMT
Message-Id: <202408032216.473MGYbW008384@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen <tuexen@FreeBSD.org>
Subject: git: af2702c997f8 - stable/14 - tcp: drop data received
  after a FIN has been processed
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: tuexen
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: af2702c997f85e9517b1538b5b645537bc2a0efc
Auto-Submitted: auto-generated

The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=af2702c997f85e9517b1538b5b645537bc2a0efc

commit af2702c997f85e9517b1538b5b645537bc2a0efc
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-04-18 19:50:31 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-08-03 22:15:51 +0000

    tcp: drop data received after a FIN has been processed
    
    RFC 9293 describes the handling of data in the CLOSE-WAIT, CLOSING,
    LAST-ACK, and TIME-WAIT states:
    This should not occur since a FIN has been received from the remote
    side. Ignore the segment text.
    Therefore, implement this handling.
    
    Reviewed by:            rrs, rscheff
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D44746
    
    (cherry picked from commit c9cd686bd4a039c652ed5d11019bae10828329df)
---
 sys/netinet/tcp_input.c       |  6 ++++--
 sys/netinet/tcp_stacks/bbr.c  | 18 ------------------
 sys/netinet/tcp_stacks/rack.c | 14 --------------
 3 files changed, 4 insertions(+), 34 deletions(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index dbc2de17785f..2894b6fcf658 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -2323,9 +2323,11 @@ tcp_do_segment(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th,
 
 	/*
 	 * If new data are received on a connection after the
-	 * user processes are gone, then RST the other end.
+	 * user processes are gone, then RST the other end if
+	 * no FIN has been processed.
 	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen) {
+	if ((tp->t_flags & TF_CLOSED) && tlen > 0 &&
+	    TCPS_HAVERCVDFIN(tp->t_state) == 0) {
 		if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
 			log(LOG_DEBUG, "%s; %s: %s: Received %d bytes of data "
 			    "after socket was closed, "
diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c
index f06a35022b25..7803865af818 100644
--- a/sys/netinet/tcp_stacks/bbr.c
+++ b/sys/netinet/tcp_stacks/bbr.c
@@ -9555,15 +9555,6 @@ bbr_do_closing(struct mbuf *m, struct tcphdr *th, struct socket *so,
 	if (ctf_drop_checks(to, m, th, tp, &tlen, &thflags, &drop_hdrlen, &ret_val)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 * We call a new function now so we might continue and setup
-	 * to reset at all data being ack'd.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    bbr_check_data_after_close(m, bbr, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions
@@ -9666,15 +9657,6 @@ bbr_do_lastack(struct mbuf *m, struct tcphdr *th, struct socket *so,
 	if (ctf_drop_checks(to, m, th, tp, &tlen, &thflags, &drop_hdrlen, &ret_val)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 * We call a new function now so we might continue and setup
-	 * to reset at all data being ack'd.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    bbr_check_data_after_close(m, bbr, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions
diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index 0bc3b5588b7b..d918d9385446 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -14041,13 +14041,6 @@ rack_do_closing(struct mbuf *m, struct tcphdr *th, struct socket *so,
 			      &rack->r_ctl.challenge_ack_cnt)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    rack_check_data_after_close(m, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions
@@ -14154,13 +14147,6 @@ rack_do_lastack(struct mbuf *m, struct tcphdr *th, struct socket *so,
 			      &rack->r_ctl.challenge_ack_cnt)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    rack_check_data_after_close(m, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions