From jdc@koitsu.dyndns.org  Fri Jul  4 11:55:02 2008
Message-Id: <20080704114459.2A96A17B833@icarus.home.lan>
Date: Fri,  4 Jul 2008 04:44:59 -0700 (PDT)
From: Jeremy Chadwick <koitsu@FreeBSD.org>
Reply-To: Jeremy Chadwick <koitsu@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Backport OpenBSD 4.3 patch for pf re-using state
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         125261
>Category:       kern
>Synopsis:       [pf] [patch] Backport OpenBSD 4.3 patch for pf re-using state
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    mlaier
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 04 12:00:08 UTC 2008
>Closed-Date:    Tue Mar 31 12:44:55 UTC 2009
>Last-Modified:  Tue Mar 31 12:44:55 UTC 2009
>Originator:     Jeremy Chadwick
>Release:        FreeBSD 7.0-STABLE amd64
>Organization:
>Environment:
System: FreeBSD icarus.home.lan 7.0-STABLE FreeBSD 7.0-STABLE #0: Sat May 3 16:20:41 PDT 2008 root@icarus.home.lan:/usr/obj/usr/src/sys/PDSMI_PLUS_amd64 amd64
>Description:
	OpenBSD 4.3's pf contains a sufficient workaround for a problem
	where a state mismatch can occur as a result of a TCP port being
	re-used (SYN) before the state table entry is removed.  The change
	is described here:

	http://www.openbsd.org/plus43.html

	* In pf(4), allow state reuse if both sides are in FIN_WAIT_2 and a new SYN arrives.

>How-To-Repeat:
	n/a
>Fix:
	CVS diff is here:

	http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r2=1.559&r1=1.558&f=H

	This would have to be applied to src/sys/contrib/net/pf.c, inserted at
	line ~4762, for RELENG_7.  I believe this can also be backported to RELENG_6.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-pf 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Jul 4 13:10:36 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=125261 
Responsible-Changed-From-To: freebsd-pf->mlaier 
Responsible-Changed-By: mlaier 
Responsible-Changed-When: Fri Jul 4 15:17:48 UTC 2008 
Responsible-Changed-Why:  
I'll take a look at this.  While here I'll also try to get the missing diffs 
for SACK vs. modulate state imported. 


From: Kenneth Vestergaard Schmidt <kvs@binarysolutions.dk>
To: bug-followup@FreeBSD.org,
 koitsu@FreeBSD.org
Cc:  
Subject: Re: kern/125261: [pf] [patch] Backport OpenBSD 4.3 patch for pf re-using state
Date: Fri, 4 Jul 2008 22:16:19 +0200

 Hi,
 
 Confirmed working here - we've been bitten pretty hard by this on
 different occasions.  Replicating it was as easy as doing 10k fetches
 of an empty file via HTTP, and either the source or the target would
 barf. Not with this patch.
 
 -- 
 Kenneth Schmidt
 pil.dk
 
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/125261: commit references a PR
Date: Mon,  4 Aug 2008 14:42:29 +0000 (UTC)

 mlaier      2008-08-04 14:42:09 UTC
 
   FreeBSD src repository
 
   Modified files:
     sys/contrib/pf/net   pf.c 
   Log:
   SVN rev 181295 on 2008-08-04 14:42:09Z by mlaier
   
   Merge state reuse for tcp.
   
   PR:             kern/125261
   Obtained from:  OpenBSD
   MFC after:      1 week
   
   Revision  Changes    Path
   1.55      +17 -0     src/sys/contrib/pf/net/pf.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/125261: commit references a PR
Date: Mon, 11 Aug 2008 18:00:15 +0000 (UTC)

 mlaier      2008-08-11 17:59:47 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_7)
     sys/contrib/pf/net   pf.c 
   Log:
   SVN rev 181596 on 2008-08-11 17:59:47Z by mlaier
   
   MFC r181295: tcp state reuse
   
   PR:             kern/125261
   
   Revision  Changes    Path
   1.46.2.3  +17 -0     src/sys/contrib/pf/net/pf.c
 
State-Changed-From-To: open->patched 
State-Changed-By: emaste 
State-Changed-When: Thu Mar 19 19:57:38 UTC 2009 
State-Changed-Why:  
Patch has been applied and MFC'd to 7.  Max, I suspect you're not planning 
to MFC this to 6, in which case I think this can be closed. 


State-Changed-From-To: patched->closed 
State-Changed-By: mlaier 
State-Changed-When: Tue Mar 31 12:44:18 UTC 2009 
State-Changed-Why:  
Close this one.  As Ed noted, a merge to RELENG_6 is not planned. 

>Unformatted:
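
The state-reuse behaviour described in the report above (both sides in FIN_WAIT_2, a new SYN arrives on a re-used port), as an added example that is not part of the original report and is not the OpenBSD or FreeBSD pf code. It is a simplified C model: `toy_state`, `toy_track` and `toy_syn_attempt_passed` are hypothetical names, the sequence check is reduced to one window comparison, the sequence numbers are constructed, and dropping the triggering SYN so that its retransmission creates fresh state is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>

/* TCP state numbers and header flags as in BSD <netinet/tcp_fsm.h> and <netinet/tcp.h>. */
enum { TCPS_CLOSED = 0, TCPS_ESTABLISHED = 4, TCPS_FIN_WAIT_2 = 9 };
#define TH_SYN 0x02
#define TH_ACK 0x10

enum verdict { V_PASS, V_DROP };

/* Hypothetical, simplified state-table entry: one per connection 4-tuple. */
struct toy_state {
    int in_use;
    int src_state, dst_state;   /* per-peer TCP state */
    uint32_t seqlo, win;        /* lowest acceptable sequence number, window size */
};

/* Check one packet against an existing entry; may unlink the entry (*st = NULL). */
enum verdict toy_track(struct toy_state **st, uint8_t flags, uint32_t seq, int allow_reuse)
{
    struct toy_state *s = *st;
    /* Reuse rule: both peers at or past FIN_WAIT_2 and a pure SYN (no ACK) arrives. */
    if (allow_reuse &&
        s->src_state >= TCPS_FIN_WAIT_2 && s->dst_state >= TCPS_FIN_WAIT_2 &&
        (flags & (TH_SYN | TH_ACK)) == TH_SYN) {
        s->src_state = s->dst_state = TCPS_CLOSED;
        s->in_use = 0;          /* unlink the stale entry */
        *st = NULL;
        return V_DROP;          /* model assumption: sender retransmits the SYN */
    }
    /* Simplified sequence check: anything outside [seqlo, seqlo + win] is a mismatch. */
    if ((uint32_t)(seq - s->seqlo) > s->win)
        return V_DROP;
    return V_PASS;
}

/* Returns the 1-based SYN attempt that gets through, or -1 if every attempt is dropped. */
int toy_syn_attempt_passed(int allow_reuse, int max_attempts)
{
    struct toy_state entry = { 1, TCPS_FIN_WAIT_2, TCPS_FIN_WAIT_2, 1000, 65535 };
    struct toy_state *st = &entry;       /* stale entry left by the previous connection */
    uint32_t new_isn = 0x90000000u;      /* constructed ISN of the new connection */
    for (int i = 1; i <= max_attempts; i++) {
        if (st == NULL)
            return i;           /* no entry left: rules are evaluated, fresh state is created */
        if (toy_track(&st, TH_SYN, new_isn, allow_reuse) == V_PASS)
            return i;
    }
    return -1;                  /* stale entry kept rejecting the new connection */
}
```

In the model, without the reuse rule the new connection stays blocked for as long as the stale entry exists; with it, the first SYN clears the entry and the second one passes.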
