From nobody Tue Dec 17 20:33:46 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCT6f5Vp3z5hh92; Tue, 17 Dec 2024 20:33:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YCT6f47b0z4c5X; Tue, 17 Dec 2024 20:33:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734467626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+7yH9YqQ2dlofpVjWs0XA6JpaKfPX3GO/Zt1qXam3Nk=; b=CsfHPsmTcSPeGXVvDdguyEU59zoiUXsfwxpJe1II0KHJijrn7mirUojKsWDfUTlMvg+TRl jgJJc6EUApjL62krNwgSu88NhvX95/GmbGtOZMw9QPNbnupznQic+zjIoXFrzn6BdZOJEq M4+n74Uc9DlmqjFowTA9pNj8lwesbB65BRJC1oNuVfwqSGRG50zaYjGO9xv6uzCTDcXhNM apka5A7r3rQX2EQrs2emPXmZ9XPljk21UB/KcC0FS9TKkFXgKHDeNDF85ufpW9W4WBc8QP QRoj/T5GWltb8BpAzilBIbQ43z/2LtHMS8+HzJOWlxyHiCo47afmxjNthWaqgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1734467626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+7yH9YqQ2dlofpVjWs0XA6JpaKfPX3GO/Zt1qXam3Nk=; b=bzdVWENe/ikutpaZ+kOaLbOAx0x/OqIjo8y45DYEXMuxK6oyfElv15G7Cb28DhbKAFIwlB CnPfMj9IvKCUZGznSG4SDEhTPXlSpwvmkE5seQ1Ufe6JthtC7lbCXJyHmW76hn1WIe7LBb NaOUVAl+eBcdSrouT25dPANsJcxKhoyMP5s3JrHDfjUq+gMJnBuIDg9bXeI9dL20rLkkcU 8MDr5rIOjHgbAtprL7jKDqsVdnXL+D7UfAOU3kcAZk+Qv6J3OWZDtVCmFSixShJbD2GAHv LSg7jy3OR9jbtprbbZi/xC6PwWyD5KhK8OiFNh+gDxPo+gLeiKp+7to9VUrjQQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734467626; a=rsa-sha256; cv=none; b=alloSPW/hqek9IISy+/L2pVVUpRA3VMZ+p7/iiixZ40yJaJcNCx12UGOm6XsWoRP/YoLHv witsFdGHqREp4/+eXgpTScYDL1NQflqYU1OywfD4brc5/GA1Ow3UHV6HnnLi7X3JzLCilM fjqVBMJQ9oIJJQc4BTxhIXwR+uPjxkQEJPTh+TJ0en25ptfYLZnEfaVkvmjJc0F6GSgi/M n+KCREtIlyi4GE6LgxMzXKZamEJbRWTpPN3ppJpf1ODlIa93//s5+s3AzUz+eHbfLrfC4n JEkU/AXuiYmhyVxyQEvnuApK5I6mxS5/hVT8SRImrWwMdmKe7Y2Vf0E0wOjh0w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YCT6f3kwPzfQx; Tue, 17 Dec 2024 20:33:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 4BHKXkEi098811; Tue, 17 Dec 2024 20:33:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 4BHKXkZS098808; Tue, 17 Dec 2024 20:33:46 GMT (envelope-from git) Date: Tue, 17 Dec 2024 20:33:46 GMT Message-Id: <202412172033.4BHKXkZS098808@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: f25d7ff3037e - main - pf: SCTP abort messages fully close the connection List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c commit f25d7ff3037e26286d5a7479e9bf39bd1bb85e4c Author: Kristof Provost AuthorDate: 2024-12-16 15:02:18 +0000 Commit: Kristof Provost CommitDate: 2024-12-17 20:33:11 +0000 pf: SCTP abort messages fully close the connection As per RFC (RFC4960 section 3.3.7) an ABORT terminates the connection fully. We should mode the state to CLOSED rather than CLOSING. Suggested by: Oliver Thomas See also: https://redmine.pfsense.org/issues/15924 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 11d37747b3a0..695ecfc0269d 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7181,14 +7181,14 @@ pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd, (*state)->timeout = PFTM_SCTP_ESTABLISHED; } } - if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_ABORT | + if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_SHUTDOWN_COMPLETE)) { if (src->state < SCTP_SHUTDOWN_PENDING) { pf_set_protostate(*state, psrc, SCTP_SHUTDOWN_PENDING); (*state)->timeout = PFTM_SCTP_CLOSING; } } - if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE)) { + if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE | PFDESC_SCTP_ABORT)) { pf_set_protostate(*state, psrc, SCTP_CLOSED); (*state)->timeout = PFTM_SCTP_CLOSED; }