Diffusion FreeBSD src repository 7d5e02b01577

pf: allow ICMP messages related to an SCTP state to pass
7d5e02b01577
Actions

Description

pf: allow ICMP messages related to an SCTP state to pass

Much like we already do for TCP and UDP we should also parse SCTP-in-ICMP
messages to see if they apply to an SCTP connection we've already allowed. If so
we should allow the ICMP packet to pass, even if we'd otherwise block it.

Add a test case where we generate an 'ICMP unreachable - need to frag' packet
and check that it passes through pf.

MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D48170

Details

Provenance

kp	Authored on Fri, Dec 20, 1:38 PM

Differential Revision

D48170: pf: allow ICMP messages related to an SCTP state to pass

Parents

rG305c40dc552f: TCP BBR: simplify expression

Branches

Unknown

Tags

Unknown

Event Timeline

kp committed rG7d5e02b01577: pf: allow ICMP messages related to an SCTP state to pass (authored by kp).Sat, Jan 4, 2:37 PM

kp added an edge: D48170: pf: allow ICMP messages related to an SCTP state to pass.Sat, Jan 4, 2:50 PM

Changes (2)

Path

Size

sys/

netpfil/

pf/

pf.c

tests/

sys/

netpfil/

pf/

sctp.sh

rG7d5e02b01577

View Options

sys/netpfil/pf/pf.c