Page MenuHomeFreeBSD
Differential D50968

pf: limit extra SCTP states
AbandonedPublic
Actions

Authored by kp on Jun 21 2025, 7:19 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 21, 7:23 AM
Unknown Object (File)
Wed, Mar 18, 11:47 PM
Unknown Object (File)
Fri, Mar 13, 4:15 PM
Unknown Object (File)
Fri, Mar 13, 6:54 AM
Unknown Object (File)
Fri, Mar 13, 1:42 AM
Unknown Object (File)
Wed, Mar 11, 10:13 AM
Unknown Object (File)
Wed, Mar 11, 9:55 AM
Unknown Object (File)
Mon, Mar 9, 8:13 PM
View All 46 Files
Subscribers
farrokhi
glebius
imp
melifaro
pouria
vegeta_tuxpowered.net

Details

Reviewers
rrs
tuexen
Group Reviewers
network
transport
Summary

For SCTP we create states for all combinations of endpoints, to allow multihoming to work.
Malicious users could abuse this to fill our state table more easily
than they otherwise could, because we create states between all
combinations of endpoints. Limit this to no more than 8 extra endpoints
for each side of the connection.

MFC after: 2 weeks
Sponsored by: Orange Business Services

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 65013
Build 61896: arc lint + arc unit

Event Timeline

kp created this revision.Jun 21 2025, 7:19 PM
Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 2 others. · View Herald TranscriptJun 21 2025, 7:19 PM
kp requested review of this revision.Jun 21 2025, 7:19 PM
Harbormaster completed remote builds in B65013: Diff 157413.Jun 21 2025, 7:19 PM
pouria added reviewers: transport, rrs, tuexen.Wed, Feb 25, 2:10 PM
kp abandoned this revision.Wed, Feb 25, 2:19 PM

This is already in the tree, as cd0169c9379c400ec75b77e87ca770e37f964276. I managed to forget to add the 'differential revision' tag, so Phabricator didn't notice.

pouria added a subscriber: pouria.Wed, Feb 25, 2:21 PM
In D50968#1270115, @kp wrote:

This is already in the tree, as cd0169c9379c400ec75b77e87ca770e37f964276. I managed to forget to add the 'differential revision' tag, so Phabricator didn't notice.

Thank you

Revision Contents
Changeset List

PathSize
sys/
netpfil/
pf/
11 lines
tests/
sys/
netpfil/
pf/
28 lines

Diff 157413

View Options

sys/netpfil/pf/pf.c

Loading...
View Options

tests/sys/netpfil/pf/sctp.py

Loading...