diff options
author | Kristof Provost <kp@FreeBSD.org> | 2023-04-26 14:59:40 +0000 |
---|---|---|
committer | Kristof Provost <kp@FreeBSD.org> | 2023-08-11 12:13:09 +0000 |
commit | 9b14d6c17355d0f516991cefd240bf51e8c26959 (patch) | |
tree | c042404e8c2934020569e04ce2a55665764bd91d | |
parent | 836dc3507e0da06a60762eca8f98c80530eb7173 (diff) | |
download | src-9b14d6c17355d0f516991cefd240bf51e8c26959.tar.gz src-9b14d6c17355d0f516991cefd240bf51e8c26959.zip |
pfctl: SCTP can have port numbers
MFC after: 3 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D40861
(cherry picked from commit 0bd4a6837c4bc3dd6168c5679c21c58d41a6910e)
-rw-r--r-- | sbin/pfctl/parse.y | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y index 043f8faee27b..1a7ce483ef7f 100644 --- a/sbin/pfctl/parse.y +++ b/sbin/pfctl/parse.y @@ -4797,8 +4797,9 @@ filter_consistent(struct pfctl_rule *r, int anchor_call) int problems = 0; if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP && + r->proto != IPPROTO_SCTP && (r->src.port_op || r->dst.port_op)) { - yyerror("port only applies to tcp/udp"); + yyerror("port only applies to tcp/udp/sctp"); problems++; } if (r->proto != IPPROTO_ICMP && r->proto != IPPROTO_ICMPV6 && @@ -4865,17 +4866,18 @@ rdr_consistent(struct pfctl_rule *r) { int problems = 0; - if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP) { + if (r->proto != IPPROTO_TCP && r->proto != IPPROTO_UDP && + r->proto != IPPROTO_SCTP) { if (r->src.port_op) { - yyerror("src port only applies to tcp/udp"); + yyerror("src port only applies to tcp/udp/sctp"); problems++; } if (r->dst.port_op) { - yyerror("dst port only applies to tcp/udp"); + yyerror("dst port only applies to tcp/udp/sctp"); problems++; } if (r->rpool.proxy_port[0]) { - yyerror("rpool port only applies to tcp/udp"); + yyerror("rpool port only applies to tcp/udp/sctp"); problems++; } } @@ -6350,6 +6352,8 @@ getservice(char *n) s = getservbyname(n, "tcp"); if (s == NULL) s = getservbyname(n, "udp"); + if (s == NULL) + s = getservbyname(n, "sctp"); if (s == NULL) { yyerror("unknown port %s", n); return (-1); |