From b3b79fd3fd9c000af79bfa2ca60390a9ccabb9e5 Mon Sep 17 00:00:00 2001
From: tuexen
Date: Mon, 2 Oct 2017 18:25:30 +0000
Subject: [PATCH] Fix a bug which avoided that rules for matching port numbers for SCTP packets where actually matched. While there, make clean in the man-page that SCTP port numbers are supported in rules.
MFC after: 1 month
---
 sbin/ipfw/ipfw.8 | 6 +++---
 sys/netpfil/ipfw/ip_fw2.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 96349a0563ce..cb19b5b65d2a 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 3, 2017
+.Dd October 2, 2017
 .Dt IPFW 8
 .Os
 .Sh NAME
@@ -537,7 +537,7 @@ for filtering packets, among the following:
 .It Layer-2 header fields
 When available
 .It IPv4 and IPv6 Protocol
-TCP, UDP, ICMP, etc.
+SCTP, TCP, UDP, ICMP, etc.
 .It Source and dest. addresses and ports
 .It Direction
 See Section
@@ -1396,7 +1396,7 @@ error-prone.
 No support for sets of IPv6 addresses is provided because IPv6 addresses are
 typically random past the initial prefix.
 .It Ar ports : Bro Ar port | port Ns \&- Ns Ar port Ns Brc Ns Op , Ns Ar ports
-For protocols which support port numbers (such as TCP and UDP), optional
+For protocols which support port numbers (such as SCTP, TCP and UDP), optional
 .Cm ports
 may be specified as one or more ports or port ranges, separated by commas
 but no spaces, and an optional
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 5464e59a464e..77cee3a8284a 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -1663,8 +1663,8 @@ do { \
 * to guarantee that we have a
 * packet with port info.
 */
- if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP)
- && offset == 0) {
+ if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP ||
+ proto==IPPROTO_SCTP) && offset == 0) {
 u_int16_t x =
 (cmd->opcode == O_IP_SRCPORT) ?
 src_port : dst_port ;
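Review bot: Adding `proto==IPPROTO_SCTP` to the port-match test in ip_fw2.c changes the effective policy of existing rulesets, and nothing in the patch tells operators so. Until now an `O_IP_SRCPORT`/`O_IP_DSTPORT` rule never matched an SCTP packet, so port-restricted allow rules that are not tied to one protocol will presumably start admitting SCTP on those ports, and the matching deny rules will start dropping it. Because the change is tagged for MFC, a sentence in the commit message or release notes asking administrators to re-audit port-based rules for SCTP would help. The match also depends on `src_port` and `dst_port` being filled in for SCTP by header parsing that lies outside this hunk and cannot be confirmed from here; a comment beside the test such as `/* src_port/dst_port are set for UDP, TCP and SCTP when offset == 0 */` would record that dependency. The enclosing block and the start of the existing comment are outside the hunk.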