git: f25d7ff3037e - main - pf: SCTP abort messages fully close the connection

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Tue, 17 Dec 2024 20:33:46 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c

commit f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-12-16 15:02:18 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-12-17 20:33:11 +0000

    pf: SCTP abort messages fully close the connection
    
    As per RFC (RFC4960 section 3.3.7) an ABORT terminates the connection fully. We
    should move the state to CLOSED rather than CLOSING.
    
    Suggested by:   Oliver Thomas
    See also:       https://redmine.pfsense.org/issues/15924
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 11d37747b3a0..695ecfc0269d 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -7181,14 +7181,14 @@ pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd,
 			(*state)->timeout = PFTM_SCTP_ESTABLISHED;
 		}
 	}
-	if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_ABORT |
+	if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN |
 	    PFDESC_SCTP_SHUTDOWN_COMPLETE)) {
 		if (src->state < SCTP_SHUTDOWN_PENDING) {
 			pf_set_protostate(*state, psrc, SCTP_SHUTDOWN_PENDING);
 			(*state)->timeout = PFTM_SCTP_CLOSING;
 		}
 	}
-	if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE)) {
+	if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE | PFDESC_SCTP_ABORT)) {
 		pf_set_protostate(*state, psrc, SCTP_CLOSED);
 		(*state)->timeout = PFTM_SCTP_CLOSED;
 	}
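Review bot: The rewritten condition `if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE | PFDESC_SCTP_ABORT))` now drops the state straight to SCTP_CLOSED with PFTM_SCTP_CLOSED on any packet carrying the ABORT flag, and nothing in these lines shows that the chunk's verification tag was checked against the tracked association before that happens. Please confirm that PFDESC_SCTP_ABORT is only set after tag validation earlier in the path, or add a guard here, so a forged ABORT cannot close an established state. Two smaller points: only psrc is moved to SCTP_CLOSED, so it is worth stating whether the peer side is meant to stay in its previous state until the timeout fires, and a one-line comment citing RFC 4960 section 3.3.7 above this block would explain why ABORT skips SCTP_SHUTDOWN_PENDING while SHUTDOWN_COMPLETE still passes through it.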