Page MenuHomeFreeBSD

Add support for ABORT action in ipfw
ClosedPublic

Authored by tuexen on Nov 25 2017, 3:06 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 16, 12:44 AM
Unknown Object (File)
Jan 26 2024, 2:44 PM
Unknown Object (File)
Jan 26 2024, 2:44 PM
Unknown Object (File)
Jan 26 2024, 2:44 PM
Unknown Object (File)
Jan 26 2024, 2:44 PM
Unknown Object (File)
Jan 26 2024, 9:03 AM
Unknown Object (File)
Dec 30 2023, 3:52 AM
Unknown Object (File)
Dec 10 2023, 6:11 PM
Subscribers

Details

Summary

This patch adds support for an action for ipfw to send an SCTP packet containing an ABORT chunk. This is similar to the TCP case, where a TCP reset segment is sent.

There is one limitation: When sending an ABORT in response to a packet it should be tested if there is no ABORT in the incoming packet. Currently it is only checked if the first chunk is an ABORT chunk to avoid parsing through the whole packet.

Test Plan

It was tested with packets containing INIT chunks, non-INIT chunks, packets containing no chunks. IPv4 and IPv6 was used. Thanks to Timo Völker for creating some test scripts to test this.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

bcr added a subscriber: bcr.

OK from manpages, you just need to bump the .Dd to the date of the actual commit.

This revision is now accepted and ready to land.Nov 25 2017, 3:12 PM

I'm not familiar with SCTP, from other side seems good to me, except some style issues.

sys/netpfil/ipfw/ip_fw2.c
480 ↗(On Diff #35765)

It seems this function can be made static.

484 ↗(On Diff #35765)

This line should be moved below according to style(9) :)

Address comments made by bcr@ and ae@.

This revision now requires review to proceed.Nov 26 2017, 6:09 PM
This revision was automatically updated to reflect the committed changes.

Thanks to bcr@ and ae@ for reviewing this patch so fast!

Best regards
Michael