pf: always create multihomed states as floating

When we create a new state for multihomed sctp connections (i.e.
based on INIT/INIT_ACK or ASCONF parameters) we cannot know what
interfaces we'll be seeing that traffic on. Make those states floating,
irrespective of state policy.

MFC after:	1 week
Sponsored by:	Orange Business Services

sys/netpfil/pf/pf.c

@@ -6131,8 +6131,12 @@ pf_sctp_multihome_delayed(struct pf_pdesc *pd, int off, struct pfi_kkif *kif,
 			j->pd.sctp_flags |= PFDESC_SCTP_ADD_IP;
 			PF_RULES_RLOCK();
 			sm = NULL;
-			/* XXX: May generated unwanted abort if we try to insert a duplicate state. */
-			ret = pf_test_rule(&r, &sm, kif,
+			/*
+			 * New connections need to be floating, because
+			 * we cannot know what interfaces it will use.
+			 * That's why we pass V_pfi_all rather than kif.
+			 */
+			ret = pf_test_rule(&r, &sm, V_pfi_all,
 			    j->m, off, &j->pd, &ra, &rs, NULL);
 			PF_RULES_RUNLOCK();
 			SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, ret);

tests/sys/netpfil/pf/sctp.py

@@ -372,6 +372,7 @@ def test_permutation(self):
 
         ToolsHelper.print_output("/sbin/pfctl -e")
         ToolsHelper.pf_rules([
+            "set state-policy if-bound",
             "block proto sctp",
             "pass inet proto sctp to 192.0.2.0/24"])
 
@@ -386,9 +387,9 @@ def test_permutation(self):
         # Check that we have a state for 192.0.2.3 and 192.0.2.2 to 192.0.2.1, but also to 192.0.2.4
         states = ToolsHelper.get_output("/sbin/pfctl -ss")
         print(states)
-        assert re.search(r"all sctp 192.0.2.1:.*192.0.2.3:1234", states)
+        assert re.search(r".*sctp 192.0.2.1:.*192.0.2.3:1234", states)
         assert re.search(r"all sctp 192.0.2.1:.*192.0.2.2:1234", states)
-        assert re.search(r"all sctp 192.0.2.4:.*192.0.2.3:1234", states)
+        assert re.search(r".*sctp 192.0.2.4:.*192.0.2.3:1234", states)
         assert re.search(r"all sctp 192.0.2.4:.*192.0.2.2:1234", states)
 
 class TestSCTPv6(VnetTestTemplate):