mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-23 03:06:48 +00:00
pf: always create multihomed states as floating
When we create a new state for multihomed sctp connections (i.e. based on INIT/INIT_ACK or ASCONF parameters) we cannot know what interfaces we'll be seeing that traffic on. Make those states floating, irrespective of state policy. MFC after: 1 week Sponsored by: Orange Business Services
parent
772430dd67
commit
0fe663b2a8
|
@ -6131,8 +6131,12 @@ pf_sctp_multihome_delayed(struct pf_pdesc *pd, int off, struct pfi_kkif *kif,
|
||||||
j->pd.sctp_flags |= PFDESC_SCTP_ADD_IP;
|
j->pd.sctp_flags |= PFDESC_SCTP_ADD_IP;
|
||||||
PF_RULES_RLOCK();
|
PF_RULES_RLOCK();
|
||||||
sm = NULL;
|
sm = NULL;
|
||||||
/* XXX: May generated unwanted abort if we try to insert a duplicate state. */
|
/*
|
||||||
ret = pf_test_rule(&r, &sm, kif,
|
* New connections need to be floating, because
|
||||||
|
* we cannot know what interfaces it will use.
|
||||||
|
* That's why we pass V_pfi_all rather than kif.
|
||||||
|
*/
|
||||||
|
ret = pf_test_rule(&r, &sm, V_pfi_all,
|
||||||
j->m, off, &j->pd, &ra, &rs, NULL);
|
j->m, off, &j->pd, &ra, &rs, NULL);
|
||||||
PF_RULES_RUNLOCK();
|
PF_RULES_RUNLOCK();
|
||||||
SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, ret);
|
SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, ret);
|
||||||
|
|
|
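Review bot: Passing `V_pfi_all` to `pf_test_rule()` may affect more than the binding of the new state. If that argument is also the interface rules are matched against, interface-specific rules would be evaluated against the pseudo-interface rather than the interface the INIT/ASCONF chunk arrived on. pf_test_rule's body is outside this hunk, so this needs confirming; if it is intended, the new comment should say so, e.g. `* Note: interface-specific rules are matched against V_pfi_all here as well.` The `SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, ret)` line still reports `kif`, which is no longer the interface the rule test ran with. The removed XXX note about duplicate state inserts is also dropped without the commit message saying that case is resolved.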
@ -372,6 +372,7 @@ def test_permutation(self):
|
||||||
|
|
||||||
ToolsHelper.print_output("/sbin/pfctl -e")
|
ToolsHelper.print_output("/sbin/pfctl -e")
|
||||||
ToolsHelper.pf_rules([
|
ToolsHelper.pf_rules([
|
||||||
|
"set state-policy if-bound",
|
||||||
"block proto sctp",
|
"block proto sctp",
|
||||||
"pass inet proto sctp to 192.0.2.0/24"])
|
"pass inet proto sctp to 192.0.2.0/24"])
|
||||||
|
|
||||||
|
@ -386,9 +387,9 @@ def test_permutation(self):
|
||||||
# Check that we have a state for 192.0.2.3 and 192.0.2.2 to 192.0.2.1, but also to 192.0.2.4
|
# Check that we have a state for 192.0.2.3 and 192.0.2.2 to 192.0.2.1, but also to 192.0.2.4
|
||||||
states = ToolsHelper.get_output("/sbin/pfctl -ss")
|
states = ToolsHelper.get_output("/sbin/pfctl -ss")
|
||||||
print(states)
|
print(states)
|
||||||
assert re.search(r"all sctp 192.0.2.1:.*192.0.2.3:1234", states)
|
assert re.search(r".*sctp 192.0.2.1:.*192.0.2.3:1234", states)
|
||||||
assert re.search(r"all sctp 192.0.2.1:.*192.0.2.2:1234", states)
|
assert re.search(r"all sctp 192.0.2.1:.*192.0.2.2:1234", states)
|
||||||
assert re.search(r"all sctp 192.0.2.4:.*192.0.2.3:1234", states)
|
assert re.search(r".*sctp 192.0.2.4:.*192.0.2.3:1234", states)
|
||||||
assert re.search(r"all sctp 192.0.2.4:.*192.0.2.2:1234", states)
|
assert re.search(r"all sctp 192.0.2.4:.*192.0.2.2:1234", states)
|
||||||
|
|
||||||
class TestSCTPv6(VnetTestTemplate):
|
class TestSCTPv6(VnetTestTemplate):
|
||||||
|
|
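Review bot: The two relaxed patterns for 192.0.2.3 (`.*sctp 192.0.2.1:.*192.0.2.3:1234` and its 192.0.2.4 counterpart) accept any interface field, including `all`. With `set state-policy if-bound` now in the ruleset, the test therefore no longer checks that those states, presumably the ones created from real traffic, stay interface-bound while only the multihomed ones float. Assuming the interface name is the first field of each `pfctl -ss` line, as the remaining `all sctp` patterns suggest, `re.search(r"^(?!all )\S+ sctp 192.0.2.1:.*192.0.2.3:1234", states, re.MULTILINE)` would pin both halves of the behaviour. The leading `.*` is a no-op under `re.search`. test_permutation's body starts outside the hunk.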