git: f25d7ff3037e - main - pf: SCTP abort messages fully close the connection
Date: Tue, 17 Dec 2024 20:33:46 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c

commit f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-12-16 15:02:18 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-12-17 20:33:11 +0000

    pf: SCTP abort messages fully close the connection

    As per RFC (RFC4960 section 3.3.7) an ABORT terminates the connection fully.
    We should move the state to CLOSED rather than CLOSING.

    Suggested by: Oliver Thomas
    See also: https://redmine.pfsense.org/issues/15924
    Sponsored by: Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 11d37747b3a0..695ecfc0269d 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7181,14 +7181,14 @@ pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd, (*state)->timeout = PFTM_SCTP_ESTABLISHED; } } - if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_ABORT | + if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_SHUTDOWN_COMPLETE)) { if (src->state < SCTP_SHUTDOWN_PENDING) { pf_set_protostate(*state, psrc, SCTP_SHUTDOWN_PENDING); (*state)->timeout = PFTM_SCTP_CLOSING; } } - if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE)) { + if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE | PFDESC_SCTP_ABORT)) { pf_set_protostate(*state, psrc, SCTP_CLOSED); (*state)->timeout = PFTM_SCTP_CLOSED; }
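Review bot: In the second changed condition, PFDESC_SCTP_ABORT now takes the state straight to SCTP_CLOSED with PFTM_SCTP_CLOSED and, unlike the SHUTDOWN branch above it, has no guard on the current state, so this one flag is enough to shorten the lifetime of an established state. Nothing in the visible context shows where the ABORT chunk is validated before PFDESC_SCTP_ABORT is set in pd->sctp_flags; please confirm that its verification tag has already been checked by the time this code runs, and consider a short comment here citing RFC4960 section 3.3.7 so the reason for the immediate close is recorded in the code as well as the commit message. Separately, the first condition still lists PFDESC_SCTP_SHUTDOWN_COMPLETE, but the block that follows unconditionally sets SCTP_CLOSED and PFTM_SCTP_CLOSED for that flag, which overwrites whatever the first block did; dropping it from the first mask would make the two branches easier to read. A regression test that sends an ABORT on an established association and checks the resulting state would also help.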