From 95fbf38ed3aa1b688417e1a4252761a6d345a1cb Mon Sep 17 00:00:00 2001 From: foxfair Date: Wed, 18 Jun 2003 04:46:34 +0000 Subject: PR: Submitted by: maintainer Reviewed by: Approved by: Obtained from: MFC after: Add two patches to solve the following problems: patch-ab - resolves a problem with a mbuf-tag in 5.1 - Submitted by: Pyun YongHyeon patch-ac - pulls in two critical fixes from OpenBSD patch branch - Obtained from: OpenBSD Change BROKEN to IGNORE tag in Makefile, suggested by: kris@ && bump PORTREVISION.
---
security/pf/files/patch-ab | 70 ++++++++++++++++++++++++++++++++++++++++++++++ security/pf/files/patch-ac | 29 +++++++++++++++++++ 2 files changed, 99 insertions(+) create mode 100644 security/pf/files/patch-ab create mode 100644 security/pf/files/patch-ac (limited to 'security/pf/files')
diff --git a/security/pf/files/patch-ab b/security/pf/files/patch-ab
new file mode 100644
index 0000000..0355d57
--- /dev/null
+++ b/security/pf/files/patch-ab
@@ -0,0 +1,70 @@
+--- pf/pf_support.h Mon Apr 14 05:54:15 2003
++++ pf/pf_support.h Tue Jun 17 14:26:33 2003
+@@ -16,10 +16,16 @@
+ * Original numbers changed from 11, 12, 13.
+ * sys/mbuf.h
+ */
+-#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID 22 /* PF queue id */
++#if defined(PACKET_TAG_MACLABEL)
++#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL)
++#else
++#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD)
++#endif
++#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1)
++#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2)
++#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3)
++#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4)
++#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5)
+
+ /*
+ * sys/limits.h
+--- pfaltq/pf_support.h Mon Apr 14 06:04:19 2003
++++ pfaltq/pf_support.h Tue Jun 17 14:26:34 2003
+@@ -16,10 +16,16 @@
+ * Original numbers changed from 11, 12, 13.
+ * sys/mbuf.h
+ */
+-#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID 22 /* PF queue id */
++#if defined(PACKET_TAG_MACLABEL)
++#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL)
++#else
++#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD)
++#endif
++#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1)
++#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2)
++#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3)
++#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4)
++#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5)
+
+ /*
+ * sys/limits.h
+--- pfctl/pf_support.h Mon Apr 14 05:55:07 2003
++++ pfctl/pf_support.h Tue Jun 17 14:26:34 2003
+@@ -16,10 +16,16 @@
+ * Original numbers changed from 11, 12, 13.
+ * sys/mbuf.h
+ */
+-#define PACKET_TAG_PF_GENERATED 19 /* PF generated, pass always */
+-#define PACKET_TAG_PF_ROUTED 20 /* PF routed, no route loops */
+-#define PACKET_TAG_PF_FRAGCACHE 21 /* PF fragment cached */
+-#define PACKET_TAG_PF_QID 22 /* PF queue id */
++#if defined(PACKET_TAG_MACLABEL)
++#define PACKET_TAG_FB_END (PACKET_TAG_MACLABEL)
++#else
++#define PACKET_TAG_FB_END (PACKET_TAG_IPFORWARD)
++#endif
++#define PACKET_TAG_PF_GENERATED (PACKET_TAG_FB_END+1)
++#define PACKET_TAG_PF_ROUTED (PACKET_TAG_FB_END+2)
++#define PACKET_TAG_PF_FRAGCACHE (PACKET_TAG_FB_END+3)
++#define PACKET_TAG_PF_QID (PACKET_TAG_FB_END+4)
++#define PACKET_TAG_PF_TAG (PACKET_TAG_FB_END+5)
+
+ /*
+ * sys/limits.h
+
diff --git a/security/pf/files/patch-ac b/security/pf/files/patch-ac
new file mode 100644
index 0000000..a239c52
--- /dev/null
+++ b/security/pf/files/patch-ac
@@ -0,0 +1,29 @@
+--- pf/pf.c Wed May 7 09:33:21 2003
++++ pf/pf.c Tue Jun 17 17:02:08 2003
+@@ -2837,6 +2837,7 @@
+ /* check incoming packet for BINAT/RDR */
+ if ((rdr = pf_get_translation(PF_IN, ifp, pd->proto,
+ saddr, 0, daddr, 0, &naddr, NULL, af)) != NULL) {
++ PF_ACPY(&baddr, daddr, af);
+ switch (af) {
+ #ifdef INET
+ case AF_INET:
+@@ -3179,7 +3180,7 @@
+ /* Retrans: not more than one window back */
+ (ackskew >= -MAXACKWINDOW) &&
+ /* Acking not more than one window back */
+- (ackskew <= MAXACKWINDOW)) {
++ (ackskew <= (MAXACKWINDOW << sws))) {
+ /* Acking not more than one window forward */
+
+ (*state)->packets++;
+@@ -3346,7 +3347,7 @@
+ SEQ_GEQ(seq, src->seqlo - (dst->max_win << dws)) ?
+ ' ': '2',
+ (ackskew >= -MAXACKWINDOW) ? ' ' : '3',
+- (ackskew <= MAXACKWINDOW) ? ' ' : '4',
++ (ackskew <= (MAXACKWINDOW << sws)) ? ' ' : '4',
+ SEQ_GEQ(src->seqhi + MAXACKWINDOW, end) ?' ' :'5',
+ SEQ_GEQ(seq, src->seqlo - MAXACKWINDOW) ?' ' :'6');
+ }
+
-- cgit v1.1
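Review bot: The `#if defined(PACKET_TAG_MACLABEL)` test added to all three pf_support.h copies (pf/, pfaltq/, pfctl/) only gives the intended numbering if the header that defines the base tags, apparently sys/mbuf.h going by the surrounding comment, has already been included. Otherwise the `#else` branch is taken silently and the PF tags are numbered from `PACKET_TAG_IPFORWARD`, which may again overlap a base-system tag. Because the removed lines document one of these tags as "PF generated, pass always", an overlap is a filtering concern, so I would make the build fail instead: `#ifndef PACKET_TAG_IPFORWARD` / `#error "include <sys/mbuf.h> before pf_support.h"` / `#endif`. The new defines also drop the per-tag comments and add `PACKET_TAG_PF_TAG` with none; I would keep them (for example `/* PF generated, pass always */`) and update the now stale "Original numbers changed from 11, 12, 13" line. The offsets further assume that no base tag is numbered above `PACKET_TAG_MACLABEL`, which deserves a one-line comment next to `PACKET_TAG_FB_END`.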
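Review bot: The new upper bound `(ackskew <= (MAXACKWINDOW << sws))` in the pf.c hunks at 3179 and 3346 shifts by `sws`, presumably the sender's TCP window-scale factor, and neither `sws` nor `MAXACKWINDOW` is defined in the visible lines. If `sws` is not clamped where it is assigned (TCP limits the shift to `TCP_MAX_WINSHIFT`), the shift can overflow a signed int, and a larger `sws` also widens the range of ACKs the state check accepts. I would confirm the clamp and record it beside the test, for example `/* sws <= TCP_MAX_WINSHIFT, so the shift cannot overflow */`. In the 3179 hunk the comments sit one line off from the conditions they describe ("Acking not more than one window back" is above the forward check), which is worth correcting while the line is touched. The enclosing functions start and end outside all three hunks.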