Fix a bug which avoided that rules for matching port numbers for SCTP

packets where actually matched.
While there, make clean in the man-page that SCTP port numbers are
supported in rules.

MFC after:	1 month
This commit is contained in:
tuexen 2017-10-02 18:25:30 +00:00
parent f67e55dde7
commit b3b79fd3fd
2 changed files with 5 additions and 5 deletions

View File

@ -1,7 +1,7 @@
.\" .\"
.\" $FreeBSD$ .\" $FreeBSD$
.\" .\"
.Dd April 3, 2017 .Dd October 2, 2017
.Dt IPFW 8 .Dt IPFW 8
.Os .Os
.Sh NAME .Sh NAME
@ -537,7 +537,7 @@ for filtering packets, among the following:
.It Layer-2 header fields .It Layer-2 header fields
When available When available
.It IPv4 and IPv6 Protocol .It IPv4 and IPv6 Protocol
TCP, UDP, ICMP, etc. SCTP, TCP, UDP, ICMP, etc.
.It Source and dest. addresses and ports .It Source and dest. addresses and ports
.It Direction .It Direction
See Section See Section
@ -1396,7 +1396,7 @@ error-prone.
No support for sets of IPv6 addresses is provided because IPv6 addresses No support for sets of IPv6 addresses is provided because IPv6 addresses
are typically random past the initial prefix. are typically random past the initial prefix.
.It Ar ports : Bro Ar port | port Ns \&- Ns Ar port Ns Brc Ns Op , Ns Ar ports .It Ar ports : Bro Ar port | port Ns \&- Ns Ar port Ns Brc Ns Op , Ns Ar ports
For protocols which support port numbers (such as TCP and UDP), optional For protocols which support port numbers (such as SCTP, TCP and UDP), optional
.Cm ports .Cm ports
may be specified as one or more ports or port ranges, separated may be specified as one or more ports or port ranges, separated
by commas but no spaces, and an optional by commas but no spaces, and an optional

View File

@ -1663,8 +1663,8 @@ do { \
* to guarantee that we have a * to guarantee that we have a
* packet with port info. * packet with port info.
*/ */
if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP) if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP ||
&& offset == 0) { proto==IPPROTO_SCTP) && offset == 0) {
u_int16_t x = u_int16_t x =
(cmd->opcode == O_IP_SRCPORT) ? (cmd->opcode == O_IP_SRCPORT) ?
src_port : dst_port ; src_port : dst_port ;