Diffusion FreeBSD src repository e4f2733df8c9

pf: add 'allow-related' to always allow SCTP multihome extra connections
e4f2733df8c9
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

pf: add 'allow-related' to always allow SCTP multihome extra connections

Allow users to choose to allow permitted SCTP connections to set up additional
multihomed connections regardless of the ruleset. That is, allow an already
established connection to set up flows that would otherwise be disallowed.

In case of if-bound connections we initially set the extra associations to
be floating, because we don't know what path they'll be taking when they're
created. Once we see the first traffic we can bind them.

MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D48453

Details

Provenance

kp	Authored on Thu, Jan 9, 8:28 PM

Differential Revision

D48453: pf: add 'allow-related' to always allow SCTP multihome extra connections

Parents

rG4713d2fd5663: pf: verify SCTP v_tag before updating connection state

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rGe4f2733df8c9: pf: add 'allow-related' to always allow SCTP multihome extra connections (authored by kp).Fri, Jan 17, 8:41 AM

kp added an edge: D48453: pf: add 'allow-related' to always allow SCTP multihome extra connections.Fri, Jan 17, 12:07 PM

Changes (6)

Path

Size

sbin/

pfctl/

share/

man/

man5/

sys/

net/

netpfil/

pf/

tests/

sys/

netpfil/

pf/

rGe4f2733df8c9

sbin/pfctl/parse.y

Loading...

share/man/man5/pf.conf.5

Loading...

sys/net/pfvar.h

Loading...

sys/netpfil/pf/pf.c

Loading...

sys/netpfil/pf/pf.h

Loading...

tests/sys/netpfil/pf/sctp.py

Loading...