Date:      Fri, 24 Dec 2010 00:03:38 GMT
From:      Sebastian Zander <szander@swin.edu.au>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/153415: Port numbers always zero in dynamic IPFW rules for SCTP over IPv4
Message-ID:  <201012240003.oBO03cNP018071@red.freebsd.org>
Resent-Message-ID: <201012240010.oBO0AAiS009613@freefall.freebsd.org>


>Number:         153415
>Category:       kern
>Synopsis:       Port numbers always zero in dynamic IPFW rules for SCTP over IPv4
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 24 00:10:10 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Sebastian Zander
>Release:        FreeBSD-CURRENT (revision 216463)
>Organization:
Swinburne University
>Environment:
FreeBSD szander.caia.swin.edu.au 9.0-CURRENT FreeBSD 9.0-CURRENT #5: Thu Dec 16 16:47:32 EST 2010     szander@szander.caia.swin.edu.au:/usr/obj/usr/home/szander/dev/diffuse_head/sys/GENERIC+DIFFUSE  i386
>Description:
Source and destination port numbers for dynamic rules created by IPFW are always zero for SCTP over IPv4, e.g. 
# ipfw -d show
00050  250  25080 count sctp from any to any keep-state
65000 1218 128492 allow ip from any to any
65535    0      0 deny ip from any to any
## Dynamic rules (1):
00050    5    184 (4s) STATE sctp 127.0.0.1 0 <-> 127.0.0.1 0
>How-To-Repeat:
Run IPFW with a keep-state rule that matches SCTP traffic, e.g.
ipfw add count sctp from any to any keep-state
Create SCTP traffic and run ipfw -d show.
>Fix:
--- a/sys/netinet/ipfw/ip_fw2.c Wed Dec 22 18:59:59 2010 +1100
+++ b/sys/netinet/ipfw/ip_fw2.c Fri Dec 24 10:58:03 2010 +1100
@@ -1139,6 +1139,12 @@
                                src_port = UDP(ulp)->uh_sport;
                                break;
 
+                       case IPPROTO_SCTP:
+                                PULLUP_TO(hlen, ulp, struct sctphdr);
+                                src_port = SCTP(ulp)->src_port;
+                                dst_port = SCTP(ulp)->dest_port;
+                                break;
+
                        case IPPROTO_ICMP:
                                PULLUP_TO(hlen, ulp, struct icmphdr);
                                //args->f_id.flags = ICMP(ulp)->icmp_type;
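Review bot: The new case IPPROTO_SCTP block uses SCTP(ulp) and struct sctphdr, neither of which is introduced by this hunk, so the fix only builds if the accessor macro and the header definition are already in scope around line 1139 of ip_fw2.c. Please confirm that in the fix text, or include the missing define and include in the patch. The two assignments copy src_port and dest_port straight from the header without byte-order conversion, which matches the context line "src_port = UDP(ulp)->uh_sport;", so the stored values stay consistent with the UDP case. A one-line comment on the new case saying that only the SCTP common header is pulled up would document why PULLUP_TO is sized to struct sctphdr.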


>Release-Note:
>Audit-Trail:
>Unformatted:
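
The symptom described under >Description can be checked mechanically. The following is an added example, not part of the original problem report: a shell function that reads `ipfw -d show` output and reports SCTP dynamic states whose port fields are 0. The function names are hypothetical, the first sample is the output quoted in the report, and the second sample (with made-up port numbers) is an assumption about what a patched kernel would print.

```shell
#!/bin/sh
# Added example (not from the PR): flag SCTP dynamic states with zero ports.

# Sample input: the `ipfw -d show` output quoted in the report (unpatched kernel).
sample_unpatched() {
cat <<'EOF'
00050  250  25080 count sctp from any to any keep-state
65000 1218 128492 allow ip from any to any
65535    0      0 deny ip from any to any
## Dynamic rules (1):
00050    5    184 (4s) STATE sctp 127.0.0.1 0 <-> 127.0.0.1 0
EOF
}

# Constructed sample: assumed output after the fix; port values are made up.
sample_patched() {
cat <<'EOF'
00050  250  25080 count sctp from any to any keep-state
65000 1218 128492 allow ip from any to any
65535    0      0 deny ip from any to any
## Dynamic rules (1):
00050    5    184 (4s) STATE sctp 127.0.0.1 49152 <-> 127.0.0.1 5000
EOF
}

# Reads `ipfw -d show` output on stdin. Only lines after the
# "## Dynamic rules" header are inspected. Fields of a dynamic entry:
#   $1 rule  $2 pkts  $3 bytes  $4 (ttl)  $5 STATE  $6 proto
#   $7 src   $8 sport $9 <->    $10 dst   $11 dport
zero_port_sctp_states() {
    awk '
        /^## Dynamic rules/ { dyn = 1; next }
        dyn && $5 == "STATE" && $6 == "sctp" && ($8 == "0" || $11 == "0") {
            printf "rule %s: %s %s <-> %s %s\n", $1, $7, $8, $10, $11
        }
    '
}

# Prints the number of offending entries as a bare integer.
count_zero_port_sctp_states() {
    zero_port_sctp_states | wc -l | tr -d ' '
}

# Demonstration on the report's own output.
sample_unpatched | zero_port_sctp_states
```

On a live system the same check is `ipfw -d show | zero_port_sctp_states`, run while SCTP traffic is matching the keep-state rule.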


