From nobody Thu Apr 18 20:21:35 2024
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VL8Ll6WWpz5HWFK;
	Thu, 18 Apr 2024 20:21:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VL8Ll64Wkz4LCl;
	Thu, 18 Apr 2024 20:21:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1713471695;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=r02uUHZ4A5VME4uB+dORiuoiYrRptM4sanTtLN8cWNM=;
	b=XDfgCw69ipPqt4yipnFzzJO4Mp5RmJkHIBrabSodhqch00dX0mtk9oKuXqYd7BM4/bcZUU
	bpCIuuusCfIyZU6k7UkqIIgbb72D6i+ng5Sewu9pZj1cDvSx/eBKYBob/baJcgUbsKVXZs
	iHRp0BIxgSH3RgcfITkB1er4GAmNSr9RE//hdvpXDMEIpT1LBgnmD53/JoCG7gbELJsrak
	cjJUYevYgu7+/OINb3RWYkFppeXjVpD9Q6KvoCFWHT53oH+AkzHcsIC6GI6J/7RxLY9J8x
	WVaR/Y7GGdtZMB3lNmjL8rxU0xuihQsnHQPmUHAGFiX+j5RzvzdgmSZMOYYTLw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1713471695; a=rsa-sha256; cv=none;
	b=bjhOU6CBohHdrPgxt5ioCpavXwCXHi7wNsy3oaaaAuxnC5qDyYur2AfONMouhRsC9rrrL9
	Da+28L0QWPGzAvlDxHdAs91jSdYRGMbRalKamLsfTnKdW7O5VJ0TQRWwQF7pqsyIKkU0Lq
	C8zHX+zEtA7OHPW6RzDVPXEw1yHeb95H/pVcgSH2GBle988AXhG2ybUoU8CTP0fI8wc3ZA
	izICsHJBV9np2u9RBeXiCbOHJIicDsR9x/b5H+DW3iaIMU9M5ZSiQh3rnqdFUSQacmFZTA
	ETxEZ+yMMydnxdUtxLRQW2BN8EXaKZg4Z7X6UsM3TpMahUBukdeDlY6CgiP8ug==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1713471695;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=r02uUHZ4A5VME4uB+dORiuoiYrRptM4sanTtLN8cWNM=;
	b=Em7ZQFy6uVSD2XRGj0EaG3J46Qz6svKN/BSmigNLkRcdNSEIuP0yNSiXrbScVTB4OLErim
	QC1X87YpSKlTuUVkRN8b8pMvU/6oE/Vws3GXe8/CD6vdURlvbLiecIbBsbg1LljScdTh63
	B0GxqdvaNUA+WqqTBdVteK7Qg2UiMaEVyMiYPpLdkkJiupBu7X1a1ZAbdkJwMrqzPUHtqQ
	PWmEyPetkPLZL1IhAtm0X/CdW7YoHfVXyBiWaSau8bzUmYUiB0yTXFYLcQkHwB517ahsl3
	xPEaoste0C/td58UFy7NDAr1zk22ObyhX/MjUVp8iIFsUT2AFJvelbVSTpHpew==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VL8Ll5gvfzP2V;
	Thu, 18 Apr 2024 20:21:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 43IKLZGi036791;
	Thu, 18 Apr 2024 20:21:35 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 43IKLZeT036788;
	Thu, 18 Apr 2024 20:21:35 GMT
	(envelope-from git)
Date: Thu, 18 Apr 2024 20:21:35 GMT
Message-Id: <202404182021.43IKLZeT036788@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Michael Tuexen <tuexen@FreeBSD.org>
Subject: git: c9cd686bd4a0 - main - tcp: drop data received after
  a FIN has been processed
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: tuexen
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c9cd686bd4a039c652ed5d11019bae10828329df
Auto-Submitted: auto-generated

The branch main has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=c9cd686bd4a039c652ed5d11019bae10828329df

commit c9cd686bd4a039c652ed5d11019bae10828329df
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-04-18 19:50:31 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-04-18 19:54:42 +0000

    tcp: drop data received after a FIN has been processed
    
    RFC 9293 describes the handling of data in the CLOSE-WAIT, CLOSING,
    LAST-ACK, and TIME-WAIT states:
    This should not occur since a FIN has been received from the remote
    side. Ignore the segment text.
    Therefore, implement this handling.
    
    Reviewed by:            rrs, rscheff
    MFC after:              3 days
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D44746
---
 sys/netinet/tcp_input.c       |  6 ++++--
 sys/netinet/tcp_stacks/bbr.c  | 18 ------------------
 sys/netinet/tcp_stacks/rack.c | 14 --------------
 3 files changed, 4 insertions(+), 34 deletions(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 1c6bdedc9368..3fda6e903738 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -2337,9 +2337,11 @@ tcp_do_segment(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th,
 
 	/*
 	 * If new data are received on a connection after the
-	 * user processes are gone, then RST the other end.
+	 * user processes are gone, then RST the other end if
+	 * no FIN has been processed.
 	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen) {
+	if ((tp->t_flags & TF_CLOSED) && tlen > 0 &&
+	    TCPS_HAVERCVDFIN(tp->t_state) == 0) {
 		if ((s = tcp_log_addrs(inc, th, NULL, NULL))) {
 			log(LOG_DEBUG, "%s; %s: %s: Received %d bytes of data "
 			    "after socket was closed, "
diff --git a/sys/netinet/tcp_stacks/bbr.c b/sys/netinet/tcp_stacks/bbr.c
index 06e80db4a0eb..946b65cda6a5 100644
--- a/sys/netinet/tcp_stacks/bbr.c
+++ b/sys/netinet/tcp_stacks/bbr.c
@@ -9555,15 +9555,6 @@ bbr_do_closing(struct mbuf *m, struct tcphdr *th, struct socket *so,
 	if (ctf_drop_checks(to, m, th, tp, &tlen, &thflags, &drop_hdrlen, &ret_val)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 * We call a new function now so we might continue and setup
-	 * to reset at all data being ack'd.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    bbr_check_data_after_close(m, bbr, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions
@@ -9666,15 +9657,6 @@ bbr_do_lastack(struct mbuf *m, struct tcphdr *th, struct socket *so,
 	if (ctf_drop_checks(to, m, th, tp, &tlen, &thflags, &drop_hdrlen, &ret_val)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 * We call a new function now so we might continue and setup
-	 * to reset at all data being ack'd.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    bbr_check_data_after_close(m, bbr, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions
diff --git a/sys/netinet/tcp_stacks/rack.c b/sys/netinet/tcp_stacks/rack.c
index 5b76480ee55d..409402adb907 100644
--- a/sys/netinet/tcp_stacks/rack.c
+++ b/sys/netinet/tcp_stacks/rack.c
@@ -14997,13 +14997,6 @@ rack_do_closing(struct mbuf *m, struct tcphdr *th, struct socket *so,
 			      &rack->r_ctl.challenge_ack_cnt)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    rack_check_data_after_close(m, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions
@@ -15112,13 +15105,6 @@ rack_do_lastack(struct mbuf *m, struct tcphdr *th, struct socket *so,
 			      &rack->r_ctl.challenge_ack_cnt)) {
 		return (ret_val);
 	}
-	/*
-	 * If new data are received on a connection after the user processes
-	 * are gone, then RST the other end.
-	 */
-	if ((tp->t_flags & TF_CLOSED) && tlen &&
-	    rack_check_data_after_close(m, tp, &tlen, th, so))
-		return (1);
 	/*
 	 * If last ACK falls within this segment's sequence numbers, record
 	 * its timestamp. NOTE: 1) That the test incorporates suggestions