HomeFreeBSD
Diffusion FreeBSD src repository cd0169c9379c

pf: limit extra SCTP states
cd0169c9379c
Actions

Description

pf: limit extra SCTP states

For SCTP we create states for all combinations of endpoints, to allow multihoming to work.
Malicious users could abuse this to fill our state table more easily
than they otherwise could, because we create states between all
combinations of endpoints. Limit this to no more than 8 extra endpoints
for each side of the connection.

MFC after: 2 weeks
Sponsored by: Orange Business Services

Details

Provenance
kpAuthored on Jun 21 2025, 9:13 AM
Parents
rGa7d631f69d3f: pfctl: fix use-after-free and memory leak in pfctl_optimzie.c
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
sys/
netpfil/
pf/
tests/
sys/
netpfil/
pf/

rGcd0169c9379c

View Options

sys/netpfil/pf/pf.c

Loading...
View Options

tests/sys/netpfil/pf/sctp.py

Loading...