Differential D48453

pf: add 'allow-related' to always allow SCTP multihome extra connections
Needs ReviewPublic
Actions

Authored by kp on Tue, Jan 14, 8:55 AM.

Tags

None

Referenced Files

	F107485656: D48453.id149221.diff
	Tue, Jan 14, 9:32 PM

	F107471252: D48453.id.diff
	Tue, Jan 14, 4:00 PM

	F107464390: D48453.diff
	Tue, Jan 14, 1:22 PM

Subscribers

vegeta_tuxpowered.net

Details

Reviewers

None

Group Reviewers

Summary

Allow users to choose to allow permitted SCTP connections to set up additional
multihomed connections regardless of the ruleset. That is, allow an already
established connection to set up flows that would otherwise be disallowed.

In case of if-bound connections we initially set the extra associations to
be floating, because we don't know what path they'll be taking when they're
created. Once we see the first traffic we can bind them.

MFC after: 2 weeks
Sponsored by: Orange Business Services

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 61710
Build 58594: arc lint + arc unit

Event Timeline

kp created this revision.Tue, Jan 14, 8:55 AM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 3 others. · View Herald TranscriptTue, Jan 14, 8:55 AM

kp requested review of this revision.Tue, Jan 14, 8:55 AM

Harbormaster completed remote builds in B61710: Diff 149221.Tue, Jan 14, 8:55 AM

Revision Contents
Changeset List

Path

Size

sbin/

pfctl/

21 lines

share/

man/

man5/

6 lines

sys/

net/

1 line

netpfil/

pf/

1 line

24 lines

tests/

sys/

netpfil/

pf/

76 lines

Diff 149221

sbin/pfctl/parse.y

Loading...

share/man/man5/pf.conf.5

Loading...

sys/net/pfvar.h

Loading...

sys/netpfil/pf/pf.h

Loading...

sys/netpfil/pf/pf.c

Loading...

tests/sys/netpfil/pf/sctp.py

Loading...