From nobody Fri Jul 21 10:32:36 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4R6m8j0ywGz4pG0S; Fri, 21 Jul 2023 10:32:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4R6m8j06N9z3q47; Fri, 21 Jul 2023 10:32:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689935557; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oHvYGoC6cjb/ybPFl16ajsteO0z60Vv0okoLj3L6jJA=; b=myGXtpIgdexYUu4/Ak7mb3zipnKAzEXiyFyV2O2gVQFUWP3/PJxbV9YvuY2Z8aw2dpWx2N fgrsQxrAOjNWkjSEGgUD7w8fI07Qvp2QNYE4Sb1edQE/QTFZDMzqog/GF7T3bs4hb0MyOS aXhgppTorSCKoICbMXR0oLTwww51e0mz8Og43SsMEgoL6Fuff4qZCP+90/uru8Qh0Qh+AU vjYVo0iyIEA2fFPIfzXFldidLG/ZX0qWC0v91hPW+WRTpHn48+vP3G4qty2gEOBOOzvfMQ 8AxVYaw9hDGjRbuSy3873ZlEqXnH3sK650Xmou+e4VXF5Cw9DdyEqwuVX2y3LQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1689935557; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oHvYGoC6cjb/ybPFl16ajsteO0z60Vv0okoLj3L6jJA=; b=sAeoA5rDSZJXeHxcNyxSS7H+Q2u06ZyECP9S2GwSG+I8ik1VfuOxnQq1CrY3WAxSktxSTy +axllk/9ARpdfCSU2IGCLFMLMkRTqDEfkWTA+rY+C+/BnHL6KzPzt6hQwG07TuYNk1IKuQ wHCNGMVZCTy9FnGOjnpAzlF1e3yfyoTfoLJvZK8stkCd4z4c9OENsY8sUkoydzkL18m09n IUX0JIUZgVw0dDSlq02Nd1Mb71TLxN0FYurJE/8wip5OKyJ+aOIfz7sP/Kx/f9lsI3ufw9 04QMp7zCuFQFlee/td1Li3sUDEX/Ro4FMKryEu27xcNC1uqD593xB4NIYLfAGw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1689935557; a=rsa-sha256; cv=none; b=imnxcOnSmupgwcQnzXFmsAC5Kg6A7vYvOR9jfSXidMtrYiuFDWM5LiNM3ZkgPjgQPxpwFQ K7lDfg5iMwd+HOh8/zDw0nESZRurlmSdCojPaNsEApM8DWo15LzDFqU7H0iACGMFj4X+3t L3rB8FJ2zJaXJxG/iPrD0gCNqZouO1JouYaQSIEzI4zoRDteh+lJ/bfBvdkj7Hs9A240n2 S4XXZ15n6Br3FJ6DVWLBm7PNyVM2zqtaEJnS0tL4dH0mHaLEg6vKo33iVjwXBGMqM71v3f jJDxhRKaURfeXIH7qVcQRnHDJlNtFxOLlEk6vdRUCkXcHmkvgWKj87oGeZZtZw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4R6m8h68K7z182d; Fri, 21 Jul 2023 10:32:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 36LAWagv010489; Fri, 21 Jul 2023 10:32:36 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 36LAWaio010488; Fri, 21 Jul 2023 10:32:36 GMT (envelope-from git) Date: Fri, 21 Jul 2023 10:32:36 GMT Message-Id: <202307211032.36LAWaio010488@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 0bd4a6837c4b - main - pfctl: SCTP can have port numbers List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0bd4a6837c4bc3dd6168c5679c21c58d41a6910e Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=0bd4a6837c4bc3dd6168c5679c21c58d41a6910e commit 0bd4a6837c4bc3dd6168c5679c21c58d41a6910e Author: Kristof Provost AuthorDate: 2023-04-26 14:59:40 +0000 Commit: Kristof Provost CommitDate: 2023-07-21 10:32:18 +0000 pfctl: SCTP can have port numbers MFC after: 3 weeks Sponsored by: Orange Business Services Differential Revision: https://reviews.freebsd.org/D40861 --- sbin/pfctl/parse.y | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 1a0935ce599b..390888526006 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -5274,8 +5274,9 @@ filter_consistent(struct pfctl_rule *r, int anchor_call) int problems = 0; if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP && + r->proto != IPPROTO_SCTP && (r->src.port_op || r->dst.port_op)) { - yyerror("port only applies to tcp/udp"); + yyerror("port only applies to tcp/udp/sctp"); problems++; } if (r->proto != IPPROTO_ICMP && r->proto != IPPROTO_ICMPV6 && @@ -5354,17 +5355,18 @@ rdr_consistent(struct pfctl_rule *r) { int problems = 0; - if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP) { + if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP && + r->proto != IPPROTO_SCTP) { if (r->src.port_op) { - yyerror("src port only applies to tcp/udp"); + yyerror("src port only applies to tcp/udp/sctp"); problems++; } if (r->dst.port_op) { - yyerror("dst port only applies to tcp/udp"); + yyerror("dst port only applies to tcp/udp/sctp"); problems++; } if (r->rpool.proxy_port[0]) { - yyerror("rpool port only applies to tcp/udp"); + yyerror("rpool port only applies to tcp/udp/sctp"); problems++; } } @@ -6936,6 +6938,8 @@ getservice(char *n) s = getservbyname(n, "tcp"); if (s == NULL) s = getservbyname(n, "udp"); + if (s == NULL) + s = getservbyname(n, "sctp"); if (s == NULL) { yyerror("unknown port %s", n); return (-1);