svn commit: r324216 - in head: sbin/ipfw sys/netpfil/ipfw

Michael Tuexen tuexen at FreeBSD.org
Mon Oct 2 18:25:31 UTC 2017


Author: tuexen
Date: Mon Oct  2 18:25:30 2017
New Revision: 324216
URL: https://svnweb.freebsd.org/changeset/base/324216

Log:
  Fix a bug which avoided that rules for matching port numbers for SCTP
  packets were actually matched.
  While there, make clear in the man-page that SCTP port numbers are
  supported in rules.
  
  MFC after:	1 month

Modified:
  head/sbin/ipfw/ipfw.8
  head/sys/netpfil/ipfw/ip_fw2.c

Modified: head/sbin/ipfw/ipfw.8
==============================================================================
--- head/sbin/ipfw/ipfw.8	Mon Oct  2 18:03:55 2017	(r324215)
+++ head/sbin/ipfw/ipfw.8	Mon Oct  2 18:25:30 2017	(r324216)
@@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 3, 2017
+.Dd October 2, 2017
 .Dt IPFW 8
 .Os
 .Sh NAME
@@ -537,7 +537,7 @@ for filtering packets, among the following:
 .It Layer-2 header fields
 When available
 .It IPv4 and IPv6 Protocol
-TCP, UDP, ICMP, etc.
+SCTP, TCP, UDP, ICMP, etc.
 .It Source and dest. addresses and ports
 .It Direction
 See Section
@@ -1396,7 +1396,7 @@ error-prone.
 No support for sets of IPv6 addresses is provided because IPv6 addresses
 are typically random past the initial prefix.
 .It Ar ports : Bro Ar port | port Ns \&- Ns Ar port Ns Brc Ns Op , Ns Ar ports
-For protocols which support port numbers (such as TCP and UDP), optional
+For protocols which support port numbers (such as SCTP, TCP and UDP), optional
 .Cm ports
 may be specified as one or more ports or port ranges, separated
 by commas but no spaces, and an optional
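
Review bot: The wording "such as SCTP, TCP and UDP" in the ports description reads as an open-ended list, but the kernel check changed in ip_fw2.c in this same commit is a closed test for exactly IPPROTO_UDP, IPPROTO_TCP and IPPROTO_SCTP. A rule that gives ports for any other protocol would therefore never match on them. Consider stating the three protocols as the complete set here, so that a rule author does not assume port matching applies more widely than the kernel enforces.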

Modified: head/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netpfil/ipfw/ip_fw2.c	Mon Oct  2 18:03:55 2017	(r324215)
+++ head/sys/netpfil/ipfw/ip_fw2.c	Mon Oct  2 18:25:30 2017	(r324216)
@@ -1663,8 +1663,8 @@ do {								\
 				 * to guarantee that we have a
 				 * packet with port info.
 				 */
-				if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP)
-				    && offset == 0) {
+				if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP ||
+				    proto==IPPROTO_SCTP) && offset == 0) {
 					u_int16_t x =
 					    (cmd->opcode == O_IP_SRCPORT) ?
 						src_port : dst_port ;
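
Review bot: The condition "(proto==IPPROTO_UDP || proto==IPPROTO_TCP || proto==IPPROTO_SCTP) && offset == 0" still spells out the port-bearing protocols as an inline chain, which is the construct that left SCTP out before this change. If the same set is tested anywhere else that src_port and dst_port are used, a shared helper or macro would keep the sites from drifting apart again. The commit modifies only ipfw.8 and ip_fw2.c, so a regression test that installs a rule with an SCTP port and checks that it matches would be worth adding before the MFC, since until now such a rule was accepted but never took effect. As a style point, the new lines keep "proto==" without spaces while "offset == 0" on the same line has them.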

