git: 9b14d6c17355 - stable/13 - pfctl: SCTP can have port numbers
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 11 Aug 2023 12:13:30 UTC
The branch stable/13 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=9b14d6c17355d0f516991cefd240bf51e8c26959
commit 9b14d6c17355d0f516991cefd240bf51e8c26959
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-04-26 14:59:40 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-08-11 12:13:09 +0000
pfctl: SCTP can have port numbers
MFC after: 3 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D40861
(cherry picked from commit 0bd4a6837c4bc3dd6168c5679c21c58d41a6910e)
---
sbin/pfctl/parse.y | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index 043f8faee27b..1a7ce483ef7f 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -4797,8 +4797,9 @@ filter_consistent(struct pfctl_rule *r, int anchor_call)
int problems = 0;
if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP &&
+ r->proto != IPPROTO_SCTP &&
(r->src.port_op || r->dst.port_op)) {
- yyerror("port only applies to tcp/udp");
+ yyerror("port only applies to tcp/udp/sctp");
problems++;
}
if (r->proto != IPPROTO_ICMP && r->proto != IPPROTO_ICMPV6 &&
@@ -4865,17 +4866,18 @@ rdr_consistent(struct pfctl_rule *r)
{
int problems = 0;
- if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP) {
+ if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP &&
+ r->proto != IPPROTO_SCTP) {
if (r->src.port_op) {
- yyerror("src port only applies to tcp/udp");
+ yyerror("src port only applies to tcp/udp/sctp");
problems++;
}
if (r->dst.port_op) {
- yyerror("dst port only applies to tcp/udp");
+ yyerror("dst port only applies to tcp/udp/sctp");
problems++;
}
if (r->rpool.proxy_port[0]) {
- yyerror("rpool port only applies to tcp/udp");
+ yyerror("rpool port only applies to tcp/udp/sctp");
problems++;
}
}
@@ -6350,6 +6352,8 @@ getservice(char *n)
s = getservbyname(n, "tcp");
if (s == NULL)
s = getservbyname(n, "udp");
+ if (s == NULL)
+ s = getservbyname(n, "sctp");
if (s == NULL) {
yyerror("unknown port %s", n);
return (-1);