Date: Fri, 17 Nov 2023 22:33:58 GMT
Message-Id: <202311172233.3AHMXw0F027455@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: a8dbbeb1c71b - main - pf: skip urpf check for sctp multihomed states
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a8dbbeb1c71b6f302818b8e041a2b50486b90180

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a8dbbeb1c71b6f302818b8e041a2b50486b90180

commit a8dbbeb1c71b6f302818b8e041a2b50486b90180
Author:     Kristof Provost
AuthorDate: 2023-11-16 19:55:02 +0000
Commit:     Kristof Provost
CommitDate: 2023-11-17 22:33:44 +0000

    pf: skip urpf check for sctp multihomed states

    When we create a new state for multihomed sctp connections (i.e. based
    on INIT/INIT_ACK or ASCONF parameters) we cannot know what interfaces
    we'll be seeing that traffic on. These states are floating states, i.e.
    on "all" interfaces.

    We cannot do reverse path filtering for these states, so do not do so.

    MFC after: 1 week
    Sponsored by: Orange Business Services
---
 sys/netpfil/pf/pf.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index a9870ebe166b..082987d34b07 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -7160,6 +7160,9 @@ pf_routable(struct pf_addr *addr, sa_family_t af, struct pfi_kkif *kif, if (af != AF_INET && af != AF_INET6) return (0); + if (kif == V_pfi_all) + return (1); + /* Skip checks for ipsec interfaces */ if (kif != NULL && kif->pfik_ifp->if_type == IFT_ENC) return (1);
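
Review bot: The new `if (kif == V_pfi_all) return (1);` early return in pf_routable() carries no comment, while the ipsec exemption directly below it does, and it keys only on the interface rather than on the SCTP multihomed case the commit message describes. Returning 1 here means the reverse-path check passes, so any caller that hands in V_pfi_all skips urpf, not just the floating states created from INIT/INIT_ACK or ASCONF parameters. Please add a comment in the style of the neighbouring one, for example `/* Floating states (e.g. sctp multihome) have no single interface to check */`, and confirm that no non-SCTP path reaches this function with V_pfi_all where a urpf result is still expected. The diffstat shows only pf.c changing, so a regression test combining a urpf rule with a multihomed SCTP association would help pin the behaviour.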