Fix a bug which avoided that rules for matching port numbers for SCTP
packets where actually matched. While there, make clean in the man-page that SCTP port numbers are supported in rules. MFC after: 1 month
This commit is contained in:
parent
f67e55dde7
commit
b3b79fd3fd
@ -1,7 +1,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.\"
|
.\"
|
||||||
.Dd April 3, 2017
|
.Dd October 2, 2017
|
||||||
.Dt IPFW 8
|
.Dt IPFW 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -537,7 +537,7 @@ for filtering packets, among the following:
|
|||||||
.It Layer-2 header fields
|
.It Layer-2 header fields
|
||||||
When available
|
When available
|
||||||
.It IPv4 and IPv6 Protocol
|
.It IPv4 and IPv6 Protocol
|
||||||
TCP, UDP, ICMP, etc.
|
SCTP, TCP, UDP, ICMP, etc.
|
||||||
.It Source and dest. addresses and ports
|
.It Source and dest. addresses and ports
|
||||||
.It Direction
|
.It Direction
|
||||||
See Section
|
See Section
|
||||||
@ -1396,7 +1396,7 @@ error-prone.
|
|||||||
No support for sets of IPv6 addresses is provided because IPv6 addresses
|
No support for sets of IPv6 addresses is provided because IPv6 addresses
|
||||||
are typically random past the initial prefix.
|
are typically random past the initial prefix.
|
||||||
.It Ar ports : Bro Ar port | port Ns \&- Ns Ar port Ns Brc Ns Op , Ns Ar ports
|
.It Ar ports : Bro Ar port | port Ns \&- Ns Ar port Ns Brc Ns Op , Ns Ar ports
|
||||||
For protocols which support port numbers (such as TCP and UDP), optional
|
For protocols which support port numbers (such as SCTP, TCP and UDP), optional
|
||||||
.Cm ports
|
.Cm ports
|
||||||
may be specified as one or more ports or port ranges, separated
|
may be specified as one or more ports or port ranges, separated
|
||||||
by commas but no spaces, and an optional
|
by commas but no spaces, and an optional
|
||||||
|
@ -1663,8 +1663,8 @@ do { \
|
|||||||
* to guarantee that we have a
|
* to guarantee that we have a
|
||||||
* packet with port info.
|
* packet with port info.
|
||||||
*/
|
*/
|
||||||
if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP)
|
if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP ||
|
||||||
&& offset == 0) {
|
proto==IPPROTO_SCTP) && offset == 0) {
|
||||||
u_int16_t x =
|
u_int16_t x =
|
||||||
(cmd->opcode == O_IP_SRCPORT) ?
|
(cmd->opcode == O_IP_SRCPORT) ?
|
||||||
src_port : dst_port ;
|
src_port : dst_port ;
|
||||||
|
Loading…
Reference in New Issue
Block a user