Date: Fri, 24 Nov 2023 14:10:48 GMT
Message-Id: <202311241410.3AOEAm56025148@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: a0fb8e16fe3d - stable/13 - pf: skip urpf check for sctp multihomed states

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a0fb8e16fe3d43445c1ac312ddcf38ceb50f23d1

commit a0fb8e16fe3d43445c1ac312ddcf38ceb50f23d1
Author:     Kristof Provost
AuthorDate: 2023-11-16 19:55:02 +0000
Commit:     Kristof Provost
CommitDate: 2023-11-24 09:20:36 +0000

    pf: skip urpf check for sctp multihomed states

    When we create a new state for multihomed sctp connections (i.e. based
    on INIT/INIT_ACK or ASCONF parameters) we cannot know what interfaces
    we'll be seeing that traffic on. These states are floating states, i.e.
    on "all" interfaces.

    We cannot do reverse path filtering for these states, so do not do so.

    MFC after:      1 week
    Sponsored by:   Orange Business Services

    (cherry picked from commit a8dbbeb1c71b6f302818b8e041a2b50486b90180)

--- sys/netpfil/pf/pf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 84ff1fea7731..278c1db118cf 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6570,6 +6570,9 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif, if (af != AF_INET && af != AF_INET6) return (0); + if (kif == V_pfi_all) + return (1); + /* Skip checks for ipsec interfaces */ if (kif != NULL && kif->pfik_ifp->if_type == IFT_ENC) return (1);
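
Review bot: The new `kif == V_pfi_all` early return in pf_routable() has no comment, while the IFT_ENC check directly below it carries one ("/* Skip checks for ipsec interfaces */"). Add a comment saying that floating states, such as the sctp multihomed states named in the commit message, have no known interface, so the reverse path check cannot apply. The test is also on the interface alone: pf_routable() now returns 1 for every caller that passes V_pfi_all, not only for sctp, so it is worth confirming that no other caller depends on the urpf check being enforced with that kif.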