Hi, I spent some time working on making it possible to load the SCTP stack as a kernel module, the same as we do today with IPSec. There is one patch remaining to be committed before that can be done in head. One caveat is that the module can't be unloaded, as some work is needed to make this safe. However, this obviously isn't a regression.
The work is based on the observations that: 1) the in-kernel SCTP stack is not widely used (I know that the same code is used in some userland applications), and 2) the SCTP stack is quite large, most FreeBSD kernel developers are unfamiliar with it, and bugs in it can easily lead to security holes. Michael has done a lot of work to fix issues in the SCTP code, particularly those found by syzkaller, but given that in-kernel SCTP has few users (almost certainly fewer than IPSec), it seems reasonable to require users to opt in to having an SCTP stack with a simple "kldload sctp". Thus, once the last patch is committed I would like to propose removing "options SCTP" from GENERIC kernel configs in head, replacing it with "options SCTP_SUPPORT" to enable sctp.ko to be loaded. I am wondering if anyone has any objections to or concerns about this proposal. Any feedback is appreciated. _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
