From fc79cf4fea7221fa62d480648f05e30f7df73f92 Mon Sep 17 00:00:00 2001
From: Ed Maste <emaste@FreeBSD.org>
Date: Thu, 21 Oct 2021 11:09:58 -0400
Subject: [PATCH] iscsid: set max_recv_data_segment_length to what we advertise

Previously we updated the conection's conn_max_recv_data_segment_length
only when we received a response containing MaxRecvDataSegmentLength
from the target.  If the target did not send MaxRecvDataSegmentLength
then we left conn_max_recv_data_segment_length at the default (i.e.,
8192).  A target could then send more data than that defult (up to our
advertised maximum), and we would drop the connection.

RFC 7143 specifies that MaxRecvDataSegmentLength is Declarative, not
negotiated.  Just set conn_max_recv_data_segment_length to our
advertised value in login_negotiate().

PR:		259355
Reviewed by:	mav
MFC after:	1 week
Fixes:		a15fbc904a4d ("Alike to r312190 decouple iSCSI...")
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32605
---
 usr.sbin/iscsid/login.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/iscsid/login.c b/usr.sbin/iscsid/login.c
index 864695dcbdb..3f0020ef140 100644
--- a/usr.sbin/iscsid/login.c
+++ b/usr.sbin/iscsid/login.c
@@ -403,9 +403,6 @@ login_negotiate_key(struct connection *conn, const char *name,
 			tmp = isl->isl_max_send_data_segment_length;
 		}
 		conn->conn_max_send_data_segment_length = tmp;
-		/* We received target's limit, that means it accepted our's. */
-		conn->conn_max_recv_data_segment_length =
-		    isl->isl_max_recv_data_segment_length;
 	} else if (strcmp(name, "MaxBurstLength") == 0) {
 		tmp = strtoul(value, NULL, 10);
 		if (tmp <= 0)
@@ -538,6 +535,9 @@ login_negotiate(struct connection *conn)
 		    isl->isl_max_recv_data_segment_length);
 	}
 
+	conn->conn_max_recv_data_segment_length =
+	    isl->isl_max_recv_data_segment_length;
+
 	keys_add(request_keys, "DefaultTime2Wait", "0");
 	keys_add(request_keys, "DefaultTime2Retain", "0");
 	keys_add(request_keys, "ErrorRecoveryLevel", "0");