From winfried@oak.pl  Tue Nov 20 17:21:57 2007
Return-Path: <winfried@oak.pl>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ED65F16A418
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 20 Nov 2007 17:21:57 +0000 (UTC)
	(envelope-from winfried@oak.pl)
Received: from mx.oak.pl (mx.oak.pl [217.96.108.251])
	by mx1.freebsd.org (Postfix) with ESMTP id B396113C469
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 20 Nov 2007 17:21:57 +0000 (UTC)
	(envelope-from winfried@oak.pl)
Received: by oak.pl (Postfix, from userid 1002)
	id 0AA511CCDC; Tue, 20 Nov 2007 18:04:50 +0100 (CET)
Message-Id: <20071120170450.0AA511CCDC@oak.pl>
Date: Tue, 20 Nov 2007 18:04:50 +0100 (CET)
From: Jan Srzednicki <w@wrzask.pl>
To: FreeBSD-gnats-submit@freebsd.org
Cc: daniel@benzedrine.cx
Subject: pf(4) uses invalid timeout values for half-closed connections (fix included)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         118154
>Category:       kern
>Synopsis:       pf(4) uses invalid timeout values for half-closed connections (fix included)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-pf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 20 17:30:01 UTC 2007
>Closed-Date:    Wed Nov 21 06:27:49 UTC 2007
>Last-Modified:  Wed Nov 21 14:00:08 UTC 2007
>Originator:     Jan Srzednicki
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
No, nay, never
>Environment:
System: FreeBSD oak.pl 6.2-STABLE FreeBSD 6.2-STABLE #12: Tue Jul 31 20:37:10 CEST 2007 root@oak.pl:/usr/obj/usr/src/sys/MISTLETOE i386

pf(4) from base system.

>Description:

The pf(4) packet filter in the RELENG_6 tree (this also affects 6.2-R and older releases)
contains a bug long since fixed in OpenBSD, which causes half-closed TCP connections (after
one side sends a FIN) to be timed out by the "tcp.closed" timeout, instead of
"tcp.closing". This causes any subsequent packets to fall into "state mismatch", after
the "tcp.closing" timeout has passed.

HEAD has this thing fixed. OpenBSD had this fixed more than 2 years ago:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.493&r2=1.494&f=h

It would be good to have that fixed before 6.3-RELEASE is out.

Thanks to Daniel Hartmeier for helping me figure the thing out.

>How-To-Repeat:

Set "tcp.closed" timeout to a very small value (e.g. 5 seconds) and create a half-closed
connection. The connection will get cut off after the timeout.

>Fix:

--- src/sys/contrib/pf/net/pf.c.orig       Tue Nov 20 11:33:15 2007
+++ src/sys/contrib/pf/net/pf.c    Tue Nov 20 11:33:40 2007
@@ -4634,8 +4634,8 @@
                if (src->state >= TCPS_FIN_WAIT_2 &&
                    dst->state >= TCPS_FIN_WAIT_2)
                        (*state)->timeout = PFTM_TCP_CLOSED;
-               else if (src->state >= TCPS_FIN_WAIT_2 ||
-                   dst->state >= TCPS_FIN_WAIT_2)
+               else if (src->state >= TCPS_CLOSING &&
+                   dst->state >= TCPS_CLOSING)
                        (*state)->timeout = PFTM_TCP_FIN_WAIT;
                else if (src->state < TCPS_ESTABLISHED ||
                    dst->state < TCPS_ESTABLISHED)
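
Review bot: on the changed "else if", moving from "||" to "&&" means a state where only one peer has reached TCPS_CLOSING no longer matches this branch and falls past the "< TCPS_ESTABLISHED" check into branches the hunk does not show, so the change needs to be read against the full if/else chain to confirm that one of them assigns the closing timeout for that half-closed case. This branch also sets PFTM_TCP_FIN_WAIT, while the report text names "tcp.closed"; the commit message should state which timeout actually changes for a half-closed connection. A short comment above the chain listing which peer-state combination maps to which PFTM_* value would make the ordering dependency between the branches explicit.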


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: remko 
Responsible-Changed-When: Tue Nov 20 17:47:23 UTC 2007 
Responsible-Changed-Why:  
reassign to maintaining group. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=118154 
State-Changed-From-To: open->closed 
State-Changed-By: dhartmei 
State-Changed-When: Wed Nov 21 06:27:00 UTC 2007 
State-Changed-Why:  
Committed to RELENG_6 with re@ approval, thank you!

http://www.freebsd.org/cgi/query-pr.cgi?pr=118154 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/118154: commit references a PR
Date: Wed, 21 Nov 2007 13:52:16 +0000 (UTC)

 dhartmei    2007-11-21 13:52:04 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     sys/contrib/pf/net   pf.c 
   Log:
   forced commit (no change) to fix PR number
   
   PR:             kern/118154
   Approved by:    re (obrien)
   
   Revision  Changes    Path
   1.34.2.8  +1 -1      src/sys/contrib/pf/net/pf.c
 
>Unformatted:
