authorKristof Provost <kp@FreeBSD.org>2024-12-16 15:02:18 +0000
committerKristof Provost <kp@FreeBSD.org>2024-12-17 20:33:11 +0000
commitf25d7ff3037e26286d5a7479e9bf39bd1bb85e4c (patch)
tree08405e06aa50af7eac723b56899a9fc7c89ffac1
parent01eb1261443dddcb50a3a278f1278fffdfb0d36e (diff)
pf: SCTP abort messages fully close the connection
As per RFC (RFC4960 section 3.3.7) an ABORT terminates the connection fully. We should move the state to CLOSED rather than CLOSING. Suggested by: Oliver Thomas See also: https://redmine.pfsense.org/issues/15924 Sponsored by: Rubicon Communications, LLC ("Netgate")
-rw-r--r--sys/netpfil/pf/pf.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 11d37747b3a0..695ecfc0269d 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -7181,14 +7181,14 @@ pf_test_state_sctp(struct pf_kstate **state, struct pf_pdesc *pd,
(*state)->timeout = PFTM_SCTP_ESTABLISHED;
}
}
- if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN | PFDESC_SCTP_ABORT |
+ if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN |
PFDESC_SCTP_SHUTDOWN_COMPLETE)) {
if (src->state < SCTP_SHUTDOWN_PENDING) {
pf_set_protostate(*state, psrc, SCTP_SHUTDOWN_PENDING);
(*state)->timeout = PFTM_SCTP_CLOSING;
}
}
- if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE)) {
+ if (pd->sctp_flags & (PFDESC_SCTP_SHUTDOWN_COMPLETE | PFDESC_SCTP_ABORT)) {
pf_set_protostate(*state, psrc, SCTP_CLOSED);
(*state)->timeout = PFTM_SCTP_CLOSED;
}
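Review bot: The new `PFDESC_SCTP_ABORT` case in the last `if` moves the state straight to `SCTP_CLOSED` and `PFTM_SCTP_CLOSED` with no guard of its own, whereas the SHUTDOWN branch above it is at least conditioned on `src->state < SCTP_SHUTDOWN_PENDING`. Because a single ABORT chunk now shortens the state's lifetime to the closed timeout, this transition is only safe if the packet's verification tag has already been checked against the association before this point. That check is not visible in the hunk, and `pf_test_state_sctp` starts and ends outside it, so please confirm it exists on every path that reaches here. A comment on the branch would record the dependency, for example `/* ABORT is terminal (RFC 4960 3.3.7); relies on the v_tag check earlier in this function. */`.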