Page MenuHomeFreeBSD
Differential D50968

pf: limit extra SCTP states
AbandonedPublic
Actions

Authored by kp on Jun 21 2025, 7:19 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, May 19, 1:34 AM
Unknown Object (File)
Tue, May 19, 1:32 AM
Unknown Object (File)
Thu, May 14, 7:40 AM
Unknown Object (File)
Thu, May 14, 2:38 AM
Unknown Object (File)
Mon, May 11, 12:44 PM
Unknown Object (File)
Tue, Apr 28, 9:55 AM
Unknown Object (File)
Apr 21 2026, 4:43 AM
Unknown Object (File)
Apr 21 2026, 12:58 AM
View All 58 Files
Subscribers
farrokhi
glebius
imp
melifaro
pouria
vegeta_tuxpowered.net

Details

Reviewers
rrs
tuexen
Group Reviewers
network
transport
Summary

For SCTP we create states for all combinations of endpoints, to allow multihoming to work.
Malicious users could abuse this to fill our state table more easily
than they otherwise could, because we create states between all
combinations of endpoints. Limit this to no more than 8 extra endpoints
for each side of the connection.

MFC after: 2 weeks
Sponsored by: Orange Business Services

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 65013
Build 61896: arc lint + arc unit

Event Timeline

kp created this revision.Jun 21 2025, 7:19 PM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptJun 21 2025, 7:19 PM
kp requested review of this revision.Jun 21 2025, 7:19 PM
Harbormaster completed remote builds in B65013: Diff 157413.Jun 21 2025, 7:19 PM
pouria added reviewers: transport, rrs, tuexen.Feb 25 2026, 2:10 PM
kp abandoned this revision.Feb 25 2026, 2:19 PM

This is already in the tree, as cd0169c9379c400ec75b77e87ca770e37f964276. I managed to forget to add the 'differential revision' tag, so Phabricator didn't notice.

pouria added a subscriber: pouria.Feb 25 2026, 2:21 PM
In D50968#1270115, @kp wrote:

This is already in the tree, as cd0169c9379c400ec75b77e87ca770e37f964276. I managed to forget to add the 'differential revision' tag, so Phabricator didn't notice.

Thank you

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
11 lines
tests/
sys/
netpfil/
pf/
28 lines

Diff 157413

View Options

sys/netpfil/pf/pf.c

Loading...
View Options

tests/sys/netpfil/pf/sctp.py

Loading...