From: Michael Tuexen
Date: Mon, 2 Oct 2017 18:25:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r324216 - in head: sbin/ipfw sys/netpfil/ipfw

Author: tuexen
Date: Mon Oct 2 18:25:30 2017
New Revision: 324216
URL: https://svnweb.freebsd.org/changeset/base/324216

Log:
  Fix a bug which avoided that rules for matching port numbers for
  SCTP packets were actually matched.
  While there, make clean in the man-page that SCTP port numbers are
  supported in rules.

  MFC after: 1 month

Modified:
  head/sbin/ipfw/ipfw.8
  head/sys/netpfil/ipfw/ip_fw2.c

Modified: head/sbin/ipfw/ipfw.8 ============================================================================== --- head/sbin/ipfw/ipfw.8 Mon Oct 2 18:03:55 2017 (r324215) +++ head/sbin/ipfw/ipfw.8 Mon Oct 2 18:25:30 2017 (r324216) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 3, 2017 +.Dd October 2, 2017 .Dt IPFW 8 .Os .Sh NAME @@ -537,7 +537,7 @@ for filtering packets, among the following: .It Layer-2 header fields When available .It IPv4 and IPv6 Protocol -TCP, UDP, ICMP, etc. +SCTP, TCP, UDP, ICMP, etc. .It Source and dest. addresses and ports .It Direction See Section 
@@ -1396,7 +1396,7 @@ error-prone. No support for sets of IPv6 addresses is provided because IPv6 addresses are typically random past the initial prefix. .It Ar ports : Bro Ar port | port Ns \&- Ns Ar port Ns Brc Ns Op , Ns Ar ports -For protocols which support port numbers (such as TCP and UDP), optional +For protocols which support port numbers (such as SCTP, TCP and UDP), optional .Cm ports may be specified as one or more ports or port ranges, separated by commas but no spaces, and an optional Modified: head/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw2.c Mon Oct 2 18:03:55 2017 (r324215) +++ head/sys/netpfil/ipfw/ip_fw2.c Mon Oct 2 18:25:30 2017 (r324216) @@ -1663,8 +1663,8 @@ do { \ * to guarantee that we have a * packet with port info. */ - if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP) - && offset == 0) { + if ((proto==IPPROTO_UDP || proto==IPPROTO_TCP || + proto==IPPROTO_SCTP) && offset == 0) { u_int16_t x = (cmd->opcode == O_IP_SRCPORT) ? src_port : dst_port ;
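Review bot: In the ipfw.8 hunk at -1396, the wording "such as SCTP, TCP and UDP" reads as an open-ended list, while the kernel condition in the ip_fw2.c hunk accepts exactly IPPROTO_UDP, IPPROTO_TCP and IPPROTO_SCTP. Consider stating in the ports description that port matching is performed only for these three protocols, so that rule authors do not assume a ports clause is evaluated for any other protocol.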
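Review bot: In the ip_fw2.c hunk at -1663, the widened condition changes how existing rulesets behave, and nothing in the patch tells administrators so: an O_IP_SRCPORT or destination-port match on an SCTP packet used to skip this block and is now compared against src_port or dst_port. Since the commit is marked for MFC, a note in UPDATING or the release notes would help anyone whose SCTP port rules silently never matched before, and a regression test with an SCTP port rule would keep the case covered. The hunk also does not show where src_port and dst_port are filled in for SCTP; please confirm they are set from the SCTP header before this point whenever offset == 0, since the comment above relies on "a packet with port info".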