Page MenuHomeFreeBSD
Differential D48170

pf: allow ICMP messages related to an SCTP state to pass
ClosedPublic
Actions

Authored by kp on Dec 21 2024, 12:59 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 16, 4:34 PM
Unknown Object (File)
Tue, Mar 4, 7:00 AM
Unknown Object (File)
Feb 3 2025, 5:59 AM
Unknown Object (File)
Jan 18 2025, 4:40 AM
Unknown Object (File)
Jan 4 2025, 2:50 PM
Unknown Object (File)
Jan 1 2025, 2:30 AM
Unknown Object (File)
Dec 31 2024, 2:40 AM
Unknown Object (File)
Dec 30 2024, 2:00 AM
View All 17 Files
Subscribers
farrokhi
glebius
imp
melifaro
vegeta_tuxpowered.net

Details

Reviewers
None
Group Reviewers
network
Commits
rG7d5e02b01577: pf: allow ICMP messages related to an SCTP state to pass
Summary

Much like we already do for TCP and UDP we should also parse SCTP-in-ICMP
messages to see if they apply to an SCTP connection we've already allowed. If so
we should allow the ICMP packet to pass, even if we'd otherwise block it.

Add a test case where we generate an 'ICMP unreachable - need to frag' packet
and check that it passes through pf.

MFC after: 2 weeks
Sponsored by: Orange Business Services

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kp created this revision.Dec 21 2024, 12:59 PM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptDec 21 2024, 12:59 PM
kp requested review of this revision.Dec 21 2024, 12:59 PM
Harbormaster completed remote builds in B61295: Diff 148304.Dec 21 2024, 12:59 PM
This revision was not accepted when it landed; it landed in state Needs Review.Jan 4 2025, 2:50 PM
Closed by commit rG7d5e02b01577: pf: allow ICMP messages related to an SCTP state to pass (authored by kp). · Explain Why
This revision was automatically updated to reflect the committed changes.
kp added a commit: rG7d5e02b01577: pf: allow ICMP messages related to an SCTP state to pass.

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
137 lines
tests/
sys/
netpfil/
pf/
86 lines

Diff 148774

View Options

sys/netpfil/pf/pf.c

Loading...
View Options

tests/sys/netpfil/pf/sctp.sh

Loading...