pf: always create multihomed states as floating
When we create a new state for multihomed sctp connections (i.e. based on INIT/INIT_ACK or ASCONF parameters) we cannot know what interfaces we'll be seeing that traffic on. Make those states floating, irrespective of state policy. MFC after: 1 week Sponsored by: Orange Business Services
parent
772430dd67
commit
0fe663b2a8
|
@ -6131,8 +6131,12 @@ pf_sctp_multihome_delayed(struct pf_pdesc *pd, int off, struct pfi_kkif *kif,
|
|||
j->pd.sctp_flags |= PFDESC_SCTP_ADD_IP;
|
||||
PF_RULES_RLOCK();
|
||||
sm = NULL;
|
||||
/* XXX: May generated unwanted abort if we try to insert a duplicate state. */
|
||||
ret = pf_test_rule(&r, &sm, kif,
|
||||
/*
|
||||
* New connections need to be floating, because
|
||||
* we cannot know what interfaces it will use.
|
||||
* That's why we pass V_pfi_all rather than kif.
|
||||
*/
|
||||
ret = pf_test_rule(&r, &sm, V_pfi_all,
|
||||
j->m, off, &j->pd, &ra, &rs, NULL);
|
||||
PF_RULES_RUNLOCK();
|
||||
SDT_PROBE4(pf, sctp, multihome, test, kif, r, j->m, ret);
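Review bot: Passing `V_pfi_all` to `pf_test_rule()` makes states built from INIT/INIT_ACK/ASCONF address parameters floating even under `set state-policy if-bound`, and the new comment should say so, because an operator relying on if-bound isolation would not expect addresses announced by the peer to produce states that match on every interface. I would add one line to the comment, for example `* This deliberately overrides 'set state-policy if-bound' for these states.` It also looks as if the ruleset is now evaluated against the "all" interface rather than the receiving one, so rules restricted with `on <ifname>` may match differently than they did for the triggering packet; this is inferred, since `pf_test_rule()` is not visible here. `SDT_PROBE4` still reports `kif`, which deserves a word in the comment so that trace output is not read as the interface used for rule evaluation. The body of `pf_sctp_multihome_delayed` starts and ends outside the hunk.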
|
||||
|
|
|
@ -372,6 +372,7 @@ def test_permutation(self):
|
|||
|
||||
ToolsHelper.print_output("/sbin/pfctl -e")
|
||||
ToolsHelper.pf_rules([
|
||||
"set state-policy if-bound",
|
||||
"block proto sctp",
|
||||
"pass inet proto sctp to 192.0.2.0/24"])
|
||||
|
||||
|
@ -386,9 +387,9 @@ def test_permutation(self):
|
|||
# Check that we have a state for 192.0.2.3 and 192.0.2.2 to 192.0.2.1, but also to 192.0.2.4
|
||||
states = ToolsHelper.get_output("/sbin/pfctl -ss")
|
||||
print(states)
|
||||
assert re.search(r"all sctp 192.0.2.1:.*192.0.2.3:1234", states)
|
||||
assert re.search(r".*sctp 192.0.2.1:.*192.0.2.3:1234", states)
|
||||
assert re.search(r"all sctp 192.0.2.1:.*192.0.2.2:1234", states)
|
||||
assert re.search(r"all sctp 192.0.2.4:.*192.0.2.3:1234", states)
|
||||
assert re.search(r".*sctp 192.0.2.4:.*192.0.2.3:1234", states)
|
||||
assert re.search(r"all sctp 192.0.2.4:.*192.0.2.2:1234", states)
|
||||
|
||||
class TestSCTPv6(VnetTestTemplate):
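Review bot: The relaxed patterns `r".*sctp 192.0.2.1:.*192.0.2.3:1234"` and `r".*sctp 192.0.2.4:.*192.0.2.3:1234"` no longer check the interface column at all, so with `set state-policy if-bound` in force the test passes whether those two states are bound to the expected interface, bound to another one, or floating. If they are meant to be interface-bound (my reading of the change, not shown on the page), assert it, for example `assert re.search(r"^(?!all )\S+ sctp 192.0.2.1:.*192.0.2.3:1234", states, re.MULTILINE)`, or match the expected interface name. A short comment above the assertions stating which states must be `all` under if-bound, and why, would make the mix of `all sctp` and `.*sctp` patterns readable. `test_permutation` starts outside the hunk.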
|
||||
|
|